MyDoom Worm and me

As with most things, when it comes to things like computer worms, the natural question is “how does this affect me?”

Since I don’t use Microsoft products for email, my own systems are seldom infected but I usually feel indirect effects, like heavy loads on servers or the net at large. This case was no different. None of my systems were infected by the MyDoom virus/worm itself, but my servers and inbox have been hammered.

Since I started tracking this worm specifically, at 4:30pm yesterday, I (personally) have received over 43,000 copies (as of 10:34am today), over 24,000 so far this morning alone.

It essentially has DDOS-ed my system. I had to make a bunch of changes to my system to attempt to keep it running (barely) during this time. I really have no idea how many legitimate emails I have lost as a result. And of course this is in addition to the usual 5000-8000 spam messages I receive per day.

A Reuters story said:

The new worm, also dubbed Novarg or Shimgapi, doesn’t take advantage of any software flaws or vulnerabilities.

I completely disagree. Any program that will run code received in an email when a user believes they are ‘viewing an attachment’ is a major flaw. It’s one thing if my email program runs a helper application that I have selected to ‘view an attachment’ but quite another if it executes the program in the email itself to do so. This is not the same as downloading an executable from a site of my choice and then letting me take the risk of running it. This behavior of the Microsoft email programs is a horrible flaw and a major vulnerability. It is not the user’s fault, as many people suggest.

And another thing: why do these stupid anti-virus hacks for mail servers (it seems to be Exchange mostly) insist on sending an error message to the ‘sender’ informing them that they tried to send a message containing a virus? This is idiotic behavior and only clogs up systems and confuses users even more. The worms forge the address! So the stupid mail server sends a zillion error messages to users that are not the source of the email virus and then tells all those users that they are infected with a virus when they very well may not be infected at all. The poor user freaks out for no reason and tons of mail servers all over the net deal with bogus error messages. Software Developers: If your mail server code detects a virus, dump the mail in the bit bucket. There is no use in replying to that email. Your software has already determined the message is bogus!
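
To make the misdirected-notification problem concrete, here is an added example (not code from this post or from any mail product) that runs the same batch of mail through a "notify the sender" policy and a "discard" policy. The addresses, the sample batch, the extension-based detector and the policy names are all assumptions made up for the illustration.

```python
from email.message import EmailMessage

# Stand-in for a real virus scanner (assumption): flag executable attachments.
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd")

def sample(mail_from, true_sender, filename):
    """Constructed sample. true_sender is ground truth the server never sees."""
    msg = EmailMessage()
    msg["From"] = mail_from
    msg["To"] = "me@example.org"
    msg["Subject"] = "hi"
    msg.set_content("see attachment")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename=filename)
    return {"mail_from": mail_from, "true_sender": true_sender, "msg": msg}

# Constructed batch: one infected machine (dave) forging three senders, plus one real mail.
BATCH = [
    sample("alice@example.com", "dave@example.net", "document.pif"),
    sample("bob@example.com", "dave@example.net", "message.scr"),
    sample("carol@example.com", "dave@example.net", "readme.exe"),
    sample("erin@example.com", "erin@example.com", "notes.txt"),
]

def is_infected(msg):
    return any((part.get_filename() or "").lower().endswith(RISKY_EXT)
               for part in msg.iter_attachments())

def handle(item, policy):
    """Return (disposition, notification message or None) for one message."""
    if not is_infected(item["msg"]):
        return "deliver", None
    if policy == "notify-sender":
        note = EmailMessage()
        note["From"] = "antivirus@example.org"
        note["To"] = item["mail_from"]  # forged by the worm, so a bystander gets it
        note["Subject"] = "Virus found in a message you sent"
        note.set_content("Your message was blocked.")
        return "blocked", note
    return "discarded", None  # bit bucket: no new mail is generated

def run(batch, policy):
    stats = {"delivered": 0, "notifications": 0, "misdirected": 0}
    for item in batch:
        disposition, note = handle(item, policy)
        stats["delivered"] += disposition == "deliver"
        if note is not None:
            stats["notifications"] += 1
            stats["misdirected"] += str(note["To"]) != item["true_sender"]
    return stats

if __name__ == "__main__":
    for policy in ("notify-sender", "discard"):
        print(policy, run(BATCH, policy))
```

Under the notify policy every notification lands on a forged address and none reaches the infected machine's owner; under the discard policy the legitimate message is still delivered and no extra mail is created.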