|The MyDoom-Q worm uses Yahoo People Search to hunt for email addresses|
Sophos warned computer users about the latest variant of the MyDoom worm, W32/MyDoom-Q, which was seen spreading in the wild yesterday, and is using the People Search facility of the Yahoo website to search for additional email addresses to try and infect.
The attack echoes the MyDoom-O worm's use of the Google, Yahoo, Lycos and Altavista search engines last week, which resulted in millions of users being unable to search the web using Google.
The MyDoom-Q worm arrives as an email attachment, and will scour files on the infected user's hard drive for other email addresses to which to send itself. However, it will then use the People Search facility of the Yahoo website (people.yahoo.com) to try and find additional email addresses.
"Copycat viruses are all the rage in the cybercrime underworld, so you didn't have to be psychic to predict the release of more worms trying to scoop up email addresses from search engines. Unfortunately, we expect to see other worm authors trying similar tricks in the future," said Graham Cluley, senior technology consultant for Sophos. "All internet users should do their bit to ensure they are not passing on infected files by using up-to-date anti-virus software and exercising great caution when receiving unsolicited email attachments."
Sophos reminds the internet community that both Microsoft and SCO have issued substantial rewards totalling $500,000 for information which leads to the successful conviction of those behind the MyDoom worm.
"Someone in the computer underground must know who the person or people behind the MyDoom viruses are," continued Cluley. "Those with knowledge which may help the investigation should come forward now and pass their information onto the authorities."
At the time of writing Yahoo's search engine appears to be working properly, and MyDoom-Q does not appear to be spreading in the wild in anything like the numbers of its more prevalent predecessor.
Sophos issued protection against the W32/MyDoom-Q worm at 20:21 GMT on 3 August 2004. Customers using Enterprise Manager, PureMessage or the Sophos small business solutions were automatically protected at their next scheduled update.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.