Sponsor for PC Pals Forum

Author Topic: New virus exploits MyDoom success  (Read 642 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 74000
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
New virus exploits MyDoom success
« on: July 28, 2004, 15:44 »
Microsoft is the next target for the virus that brought widespread disruption to search engines earlier.

Earlier this week Google, Lycos, Altavista and Yahoo all struggled to cope with the number of queries made by the MyDoom.O Windows virus.

Now security firms are warning about Zindos, a partner program of MyDoom.O, that tries to exploit all the machines infected with the earlier virus.

Zindos is programmed to endlessly visit the Microsoft.com homepage.

MyDoom.O, also called MyDoom.M, hit the headlines because of the trick it used to look for new victims to infect.

Instead of just plundering Microsoft Outlook address books, the virus also went online to search for other e-mail addresses with the same suffix.

MYDOOM.O SUBJECT LINES

  • hi
  • Delivery failed
  • Message could not be delivered
  • Mail System Error - Returned Mail
  • Delivery reports about your e-mail
  • Returned mail: see transcript for details
  • Returned mail: Data format error instruction
  • MAILER-DAEMON
  • "Mail Administrator"
  • "Automatic Email Delivery Software"
  • "Post Office"
  • "The Post Office"
  • "Bounced mail"
  • "Returned mail"
  • "Mail Delivery Subsystem"

As well as searching the net for new addresses and looking for new hosts to infect, MyDoom.O also opened up a backdoor on compromised machines.

This backdoor is now being exploited by the follow-up Zindos virus which is spreading rapidly through those machines still hosting the MyDoom.O bug.

Once installed Zindos scours connections looking for other vulnerable machines and, once it finds one, starts bombarding Microsoft.com with requests.

So far Zindos has not spread widely and security experts speculate that it has been released simply to cash in on the success of MyDoom.O.

The Microsoft.com website has yet to show any sign that it is struggling to cope with the hits generated by Zindos.

The bug is programmed to visit the Microsoft.com website once every 50 milliseconds.

In a statement Microsoft said it had "taken steps" to ensure the website stays live.

The trouble caused by the MyDoom.O virus is also waning. Security firm Symantec said that it was seeing only one-third the number of reports of MyDoom.O as it had at the peak of the outbreak.

The attack on Microsoft continues a trend seen with MyDoom variants which in the past have been used to attack the Recording Industry Association of America, the SCO Group and Microsoft.

Security firms expect to see a slew of novel viruses that copy MyDoom.O's search engine trick and which try to piggy back on successful infections to boost their own chances of spreading widely.

MyDoom.O itself is thought to have used the network of compromised PCs created by MyDoom.L to spread quickly.

Like many recent viruses MyDoom.O spread via e-mail attachments.

It tried to trick people into opening it by disguising itself as e-mail system error messages and warning that a machine was being used to send spam.

The worms affect Windows systems but not Linux or Apple Mac computers.

 
http://news.bbc.co.uk/1/hi/technology/3932587.stm
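
Added example (not part of the original post or the BBC article): a mail-triage heuristic built on the "MYDOOM.O SUBJECT LINES" list above, which quarantines a message only when a lure string and a risky attachment occur together. Matching the list against sender display names as well as subjects, and the extension list itself, are assumptions of this sketch.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr

# Lure strings from the "MYDOOM.O SUBJECT LINES" list above, lower-cased.
LURES = {s.lower() for s in (
    "hi", "Delivery failed", "Message could not be delivered",
    "Mail System Error - Returned Mail", "Delivery reports about your e-mail",
    "Returned mail: see transcript for details",
    "Returned mail: Data format error instruction", "MAILER-DAEMON",
    "Mail Administrator", "Automatic Email Delivery Software", "Post Office",
    "The Post Office", "Bounced mail", "Returned mail",
    "Mail Delivery Subsystem")}
# Assumption (not from the article): attachment extensions treated as risky.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".cmd", ".bat", ".zip")


def triage(raw):
    """Return (verdict, reasons) for one raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in LURES:
        reasons.append("subject on lure list")
    if parseaddr(str(msg["From"] or ""))[0].strip().lower() in LURES:
        reasons.append("sender display name on lure list")
    lure = bool(reasons)
    # Walk every MIME part, nested ones included, looking for risky file names.
    risky = [n for n in (p.get_filename() or "" for p in msg.walk())
             if n.lower().endswith(RISKY_EXT)]
    if risky:
        reasons.append("risky attachment: " + ", ".join(risky))
    if lure and risky:
        return "quarantine", reasons
    # A lure string alone also matches genuine bounces, so it is not enough.
    verdict = "lure-only" if lure else "attachment-only" if risky else "clean"
    return verdict, reasons


# Constructed sample message (not a captured one).
SAMPLE = (b'From: "Post Office" <daemon@example.org>\n'
          b"Subject: Delivery failed\n"
          b'Content-Type: multipart/mixed; boundary="b"\n\n'
          b"--b\nContent-Type: text/plain\n\nSee the attached transcript.\n"
          b'--b\nContent-Disposition: attachment; filename="transcript.scr"\n\n'
          b"MZ\n--b--\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```
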

Offline Reno

  • Established Member
  • ****
  • Posts: 1286
  • ø¤º° bob °º¤ø
Re:New virus exploits MyDoom success
« Reply #1 on: July 28, 2004, 18:28 »
Once every 50 milliseconds. I wonder how many hits the Microsoft webpage was getting. What type of connection could they be using to take bandwidth hits like that and still cope? You would think at least it would lag up.

I wonder what type of safeguards they have in place and what it would take to actually bring it down. This is just my curiosity speaking. If virus makers found another flaw like the ones Sasser and Blaster used then it would spread a crapload quicker than using email. I wonder if it would lag it up then. I'm no hacker but it's always interesting to speculate.

