/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBernhard Warner
LONDON: A cyber dragnet aiming to flush out the author of the MyDoom computer worm intensified Friday as the outbreak crippled still more e-mail networks.
Investigators and security experts hoped their hunt would get a boost after Microsoft Corp. offered a $250,000 reward Thursday for information leading to the arrest and conviction of the creator of one variant, MyDoom.B.
The offer follows a similar $250,000 bounty from software firm SCO Group Inc . The "doom" viruses are programmed to unleash digital attacks aimed at overwhelming both firms' Internet sites starting this weekend.
"If there is a break, it will come from the bounties," said Mikko Hypponen, research manager at Finnish anti-virus firm F-Secure.
MyDoom.A, also known as Novarg or Shimgapi, emerged on Monday often masquerading as an e-mail error message from a "Mail Administrator" and other official-looking addresses that contains a file attachment.
Hundreds of thousands of computer users have clicked on the seemingly benign attachment, infecting their computers.
The attachment releases a program capable of taking over the victim's computer, experts warned, before scouring the Internet for more vulnerable machines.
The effect is a massive logjam of data traffic that bogs down e-mail servers and rejects many incoming and outgoing messages.
Computers running any of the latest versions of Microsoft's Windows operating system are at risk of being infected, although the worm does not exploit any flaws in Windows or software.
Patches capable of wiping the virus off a machine are available at anti-virus sites.
Friday, there was no sign of a let-up.
"It's still spreading voraciously. We've intercepted in excess of eight million viruses since the very first copy started Monday," said Paul Wood, chief information analyst with MessageLabs, an e-mail security firm.
After dissecting the malicious program, security experts got a little closer to unmasking the perpetrator. The author apparently signed the worm with the name "Andy" and left the message: "I'm just doing my job, nothing personal, sorry."
The first infected e-mails detected appear to have originated in Russia, but, Wood said, it was unclear if they were the engineers behind MyDoom or just early victims.
Nabbing virus writers is a difficult undertaking. Such clues have been used in the past to form a picture of the suspect. "Most often virus authors are caught when bragging about their exploits somewhere," said Wood.
Still, a series of bounties Microsoft placed on the heads of the Blaster and Sobig.F virus writers in November have come to nothing as chatter about their exploits has been scarce in the usual online forums.
Given the tight-lipped approach, security experts and police suspect the authors may be a new breed of virus writers that possibly have a connection to organized crime groups or spam e-mail peddling syndicates.
© Reuters