Gullible Users Spreading 'Mydoom' Worm

The continued spread of a cleverly engineered computer virus exposes a key flaw in the global embrace of technology: Its users are human.

Posing as a legitimate computer error message, the worm successfully tricked e-mail recipients into spreading it to friends, co-workers and business associates.

Although users have grown wiser about falling for such tricks, virus writers have also gotten smarter about fooling them.

"People that are bent on doing these things continue to display a high degree of intelligence," said Bob Jorgensen of Boeing Co., whose e-mail systems slowed down because of the worm. "We need to continue to work to stay one step ahead" through better technology and education.

MessageLabs Inc., which scans e-mail for viruses, said one in every 12 messages contained the worm, called "Mydoom" or "Novarg." Security experts described it as the largest outbreak in months.

"It's the trust factor you are exploiting," said Oliver Friedrichs, senior research manager with anti-virus vendor Symantec Corp. "Most people, when they receive something, they want to trust it. You don't want to miss something people may be sending you."

Upon activation — usually when a recipient clicks on an e-mail attachment — the rogue program searches through address books and sends itself to e-mail addresses it finds. It chooses one as the sender, so recipients may believe the message comes from someone known.

Unlike other mass-mailing worms, Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes. Rather, messages carry innocuous-sounding subject lines, like "Error" or "Server Report" and messages in the body such as "Mail transaction failed. Partial message is available."

It is precisely because the message's tone is so basic that many computer users conditioned to be suspicious of attachments wound up opening Mydoom anyway, said Chuck Adams, chief security officer with NetSolve Inc., a security firm in Austin, Texas.

Some corporate networks were clogged with infected traffic within hours of its appearance Monday, and operators of many systems voluntarily shut down their e-mail to keep the worm from spreading during the cleanup.

Keynote Systems Inc., which tracks Internet performance, recorded a slight degradation in Web site availability and speed.

The worm, however, falls short of a homeland security or national security threat, said Amit Yoran, the U.S. government's cyber-security chief.

Mydoom infects computers that run Microsoft Corp.'s Windows operating systems, though other computers were affected by network slowdowns and a flood of bogus messages. Unlike other recent attacks, it does not appear to exploit any Windows security flaw.

Besides sending out tainted e-mail, the program appears to open up a backdoor so hackers can take over the computer later. The worm also tries to spread through the Kazaa file-sharing network and was programmed to try to overwhelm the Web site of The SCO Group Inc. beginning Sunday by repeatedly sending fake requests.

SCO's site has been targeted before because of its threats to sue users of the Linux operating system in an intellectual property dispute, and spokesman Blake Stowell said the site was unavailable at times Tuesday, apparently because of infected computers set to the wrong date.

On Tuesday, SCO announced a $250,000 reward for information leading to the arrest and conviction of Mydoom's creator.

Anti-virus vendors have posted software updates to catch the worm, and security experts warned computer users not to open questionable attachments, with the Mydoom ones carrying extensions like ".exe," ".scr," ".cmd," ".pif" or ".zip."

But no amount of warning will ever eliminate threats entirely.

"Folks are just going to fall prey to things that look like familiar things that happen to their e-mail, like getting an error message, a forwarded message or a reply message," said Lee Rainie, director of the Pew Internet and American Life Project.

With 128 million Americans already online — and newcomers less aware of these tricks joining all the time — "it takes a relatively small fraction of folks to make mistakes," he said.