Variant of MyDoom-A virus detected
30th January 2004 (The Star)

PETALING JAYA: Local antivirus company Extol Corp said it has detected a new variant of the MyDoom-A or Novarg computer virus that began spreading rapidly across the Internet on Monday.

The new MyDoom-B variant, detected on Wednesday night, has not only been modified to slip past MyDoom-A defences but to also make it impossible for infected computers to access the websites of several of the world's leading antivirus software firms.

"Although it represents a low threat at the present time, we advise computer users to download the latest definition files for their antivirus software to protect their computers and servers," said Extol spokesman Helene Picot.

Users of infected systems who cannot access the websites of their antivirus vendors should instead try to do so from a clean computer. They can then download the files onto a floppy disk and transfer them to their infected PCs.

Extol said its own antivirus solution, Armour Virus Control, was safe from both MyDoom versions using definition files it had made available since Wednesday. A more complete description of MyDoom-B can be found at www.extol.com.my.

Picot said that Extol technical manager Mickey Loh had also developed a tool that checks specifically for both MyDoom versions on any computer, regardless of what antivirus software was being used.

Users can download the tool for free from Extol's website if they are not sure whether their PCs have been infected.

The MyDoom-A virus had within 36 hours infected 100 million e-mail messages across the world.

According to some estimates, more than 30% of all e-mail was now carrying the virus.

The Malaysian Computer Emergency and Response Team (MyCERT) has so far received only 10 reports of local infection on the first day, but admitted that many organisations that have been affected may not have reported it yet.

"Currently, the severity of the outbreak of this worm cannot be predicted within our constituency," it said in a statement.

Some antivirus experts are expecting MyDoom-A to be more devastating than last August's SoBig-F virus, which clogged up the Internet so much that surfing worldwide slowed down to a crawl.

The new version contains minimal technical innovations, said Sevaraja Velautham, managing director of AVP (SEA) Sdn Bhd, the local distributor of antivirus solutions from Russia's Kaspersky Labs.

"MyDoom-B is scheduled to launch a DoS attack between Feb 1 and Feb 12 on the websites of both SCO and Microsoft Corp," he said.

Kaspersky's antivirus solutions have also been updated to protect against the new virus. For more information, go to www.avpsea.comor www.kas persky.com.