RIAA to face MyDoom's music?

A slow-spreading variant of the MyDoom virus is expected to target the recording industry's Web site with a deluge of data. But the RIAA may not feel the pain.

Robert Lemos Staff Writer, CNET News.com

Robert Lemos

covers viruses, worms and other security threats.

See full bio

Robert Lemos

Feb. 20, 2004 4:55 p.m. PT

2 min read

A variant of the MyDoom virus has started spreading, albeit slowly, and security experts expect it to target the main Web site of the music industry.

The variant, MyDoom.F, deletes several different types of files stored on an infected computer and aims to attack the Web sites of Microsoft and the Recording Industry Association of America with a flood of data, antivirus companies said Friday.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Neither site may feel much pain, however, as the virus has failed to spread quickly.

"It is not very prevalent," said Craig Schmugar, virus research manager for Network Associates' vulnerability emergency response team. "We haven't seen anything beyond (a single) sample in the past 24 hours."

The original MyDoom spread through e-mail in late January, infecting a new computer every time an unwary person opened the attached file containing the program. Between several hundred thousand and 2 million computers were infected, according to estimates.

Antivirus firms believe that the writer of the MyDoom.F virus is different from the person believed to have authored the first two versions of the code. A later worm, Doomjuice, spread to computers that were already infected by MyDoom and dropped copies of the original virus' source code. It's thought that the author of MyDoom.F used that code to write this new virus.

"Right now, it feels like someone took the original one and modified it," said Vincent Weafer, senior director for the antivirus research center at security company Symantec. "That's just a gut feeling."

The MyDoom.F virus spreads using a variety of subject lines and message text, usually attaching itself to the message as a Zip compressed file. The virus infects Windows computers when the user opens the file.

PCs compromised by the virus send out virus-laden e-mail messages using random addresses found in a variety of files, such as cached Web pages and the Windows address book. The virus also deletes Word documents, JPG picture files, Audio Video Interleaved files, Excel spreadsheets and a few other types of files.