AUCKLAND (01/30/2004) - The Mydoom mass mailing worm seems to have originated in Russia, according to anti-virus specialist MessageLabs Inc., and a new variant of the original virus has also been reported sporting a different payload.
Mydoom.A's payload added a backdoor to infected PCs that is supposed to launch a denial of service (DoS) attack on The SCO Group Inc.'s Web site; however, there is now some debate amongst security experts as to whether this is in fact the case.
Mydoom.B is believed to be targeting Microsoft Corp.'s homepage and blocks the infected machine from visiting around 65 anti-virus vendors' Web sites.
Traffic levels are so great that Optus in Australia has taken the unusual step of blocking port 25 to try to limit the spread of the virus. This affects customers who have their e-mail hosted by an external SMTP provider off Optus's network. Telecom New Zealand was forced to block port 135 during the Blaster worm attack in September; however, that appears to be the only instance in New Zealand.
Telecom New Zealand spokeswoman Katrina King says Telecom has no plans to block port 25 as the virus appears to be tapering off.
"It peaked on the first day at around 2,000 infected e-mails blocked per minute but that's fallen back now."
On average Telecom saw 1,000 e-mails per minute blocked.
TelstraClear says it has blocked over 1 million copies of the Mydoom virus to date but has seen "no significant increase" in traffic from Mydoom.B, according to spokesman Ralph Little.
"We have no plans to block any ports at this stage," says Little. "We would have to be very careful not to interfere with customers' traffic if we did."