In late 2003 one of the most rampant computer viruses the world has seen, MyDoom.A (also known as Novarg or Mimail R), hit the Internet.
Like its biological namesake, the virus MyDoom.A quickly jumped from one computer to another. Each infected computer would execute code that spread more copies of it throughout the Internet.
By the time the virus was brought under control, it was claimed it had caused up to US$250 million in damages due to lost productivity.
In response Microsoft set up a US$5 million fund with a US$250,000 reward for information that led to the capture of the perpetrators.
Throughout the world millions of dollars are spent every year securing systems against the next ‘big attack’.
But in early November another virus with the MyDoom name appeared on the Internet: W32/MyDoom.ah@MM (also known as Bofra.D).
Joel Hatton, of The University of Queensland's Incident Response Team, says that anyone, regardless of knowledge, can implement good security measures to prevent damage from viruses like MyDoom.
“The good news is that the best defenses against computer attacks are actually the easiest,” Hatton said.
“Surprisingly though, they are often the most neglected and this has to change.”


W32/MyDoom.ah@MM: A brief overview

The MyDoom.ah mass-mailing virus highlights serious flaws in how people read and treat unsolicited email. 
“Users have responded to the dangers of email viruses and have become wary of file attachments in email, but this is not the case with URLs,” said Hatton. 
MyDoom.ah spread by exploiting a vulnerability in the Microsoft Internet Explorer browser, which caused computers visiting a malicious web site to become infected. 
The trigger for the virus was an email message containing a link to another MyDoom.ah-infected machine. 
Clicking the link caused the recipient's computer to become a web server and begin sending similar email messages, thus creating a chain of infected computers.
“A computer infected with a trojan process like MyDoom.ah is invisible to the user,” Hatton said. 
“A drop in connection speed or an unexplainable increase in monthly data charges may be the first and only warning of the undesirable network services their computer is now providing.” 


How to protect yourself

Hatton said most people do not regard emails with enough suspicion and this has led to the success of viruses like MyDoom.ah.
But he noted there are a number of basic security measures that everyone can take to protect themselves and others:
  1. Enable your Windows XP firewall, or install an alternative such as Symantec's Norton Firewall or the free Zone Alarm.
  2. Keep your operating system up-to-date with Windows Update.
  3. Use and regularly update anti-virus software.
“MyDoom.ah has demonstrated the importance of ensuring all three of these baseline security measures are in place,” Hatton said.
At the time of MyDoom.ah's release, no Microsoft patch (OS update) was available to counter this problem, although Windows XP with Service Pack 2 was immune to the type of buffer overflow exploit used by MyDoom.ah.
A user with a firewall may have been infected, but the firewall would have prevented the virus from spreading further, because recipients would have been unable to connect using the ‘homepage’ link.
It was the failure of many users to have an installed firewall that allowed infection to spread to other computers.
As well, anti-virus software running in real time may have protected against the execution of MyDoom.ah.
Microsoft Internet Explorer, due to its popularity, is often targeted by hackers looking for vulnerabilities in the browser.
So for many users changing to another browser, such as the Mozilla Foundation's popular Firefox browser, would be an effective workaround.
Even if people did not take these precautions, Hatton said they would have been protected from MyDoom.ah if they “had been more circumspect about responding to the invitation in the email message”.
He recommends people regard emails as suspicious:
  1. If it contains an unsolicited URL, binary or HTML attachment.
  2. If it purports to be from someone they know but has content or subject that seems out of character for the sender.
“Remember that computer security affects not only you and your computer, but a compromise of your computer can be used to attack others. Responsible use of networked computing demands a minimum standard of security,” Hatton said.
“Operating a computer is not entirely dissimilar to operating any other piece of equipment – an onus of responsibility exists for the user to be aware of its risks and limitations.”
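The first of the two checks listed above (an unsolicited URL, binary or HTML attachment) can also be applied mechanically, for example in a mail-triage script. The following Python is an added example, not part of the original article; the function name, the reason labels, the sample messages and the extra flag for links to a bare IP address are assumptions made here.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def suspicious_indicators(raw_message):
    """Return sorted reasons a message matches the URL/attachment check."""
    reasons = set()
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            # HTML attachments are reported separately from other binaries.
            if part.get_content_type() == "text/html":
                reasons.add("html-attachment")
            elif part.get_content_maintype() != "text":
                reasons.add("binary-attachment")
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            # URLs are ASCII; latin-1 never fails on ASCII-compatible bodies.
            for url in URL_RE.findall(body.decode("latin-1")):
                reasons.add("url")
                try:
                    # Assumption: a link to a bare IP address is extra suspicious.
                    ipaddress.ip_address(urlsplit(url).hostname or "")
                    reasons.add("url-to-bare-ip")
                except ValueError:
                    pass  # ordinary host name, or an unparsable URL
    return sorted(reasons)

# Constructed sample messages (192.0.2.10 is a documentation address).
SAMPLE_SUSPECT = """\
From: friend@example.org
Subject: hi
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Look at my homepage: http://192.0.2.10/index.htm
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="page.htm"

<html><body>hello</body></html>
--b1--
"""
SAMPLE_BENIGN = "From: a@example.org\nSubject: lunch\n\nSee you at noon.\n"
```

The second check, content that is out of character for the sender, still needs the reader's own judgement.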


Links to further information:

Being aware of security issues as they arise can help, so subscribing to a security mailing list for your operating system is an option, and AusCERT (the national Computer Emergency Response Team) provides a free alerting service.
Microsoft Security – For all the latest information about Microsoft security risks and steps you can take to secure your computer.
AusCERT National Security Bulletins – Australia's national Computer Emergency Response Team provides a detailed list of the latest security problems affecting the country. You can apply to their mailing list, which will keep you up-to-date with security alerts.
Symantec information about MyDoom.ah – Visit this site for detailed information about the MyDoom.ah virus.
Information on protecting your computer from malicious code – AusCERT has written up an easy-to-understand article on protecting your computer.
Home Computer Security – A comprehensive article that explains many things you need to know about computer security.
Firefox Browser – A simple step towards providing extra protection for your computer is using an alternative browser such as Firefox.
Zone Alarm firewall software – This free firewall program will help protect your computer and others against potential malicious attacks.
Kerio firewall software – Another free firewall program to help protect your computer.
AVG anti-virus – Free anti-virus program with regular updates to help protect your computer against infection.
