A new variant of the “Mydoom” virus is blocking millions of infected computers worldwide from accessing ad servers managed by DoubleClick, FastClick, Atlas DMT and others.
The worm does not launch a denial-of-service attack on these servers. Rather, it prevents the infected computer from communicating with those servers by pointing their domain names at an IP address that browsers cannot connect to.
“The hosts file in the infected machines will be modified so that domains belonging to [blocked sites] are resolved to the IP address 0.0.0.0, rendering them inaccessible,” reported security firm F-Secure in a statement about the worm’s properties.
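A check for the hosts-file change F-Secure describes, as an added example that is not part of the original article or F-Secure's statement. The sample file and its example.* hostnames are constructed, and the script also flags loopback mappings, which goes beyond the 0.0.0.0 case in the quote.

```python
import ipaddress

# Constructed sample hosts file (not taken from an infected machine).
# The example.* hostnames are placeholders; the article names the
# affected companies but not the exact hostnames the worm writes.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         ads.example.com adserver.example.net   # constructed entry
0.0.0.0 update.example.org
::1             localhost
10.0.0.5        intranet.example.local
not-an-ip       broken.example.com
"""

# Names that are expected to resolve to a local address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def find_sinkholed(text):
    """Return [(line_no, name, ip)] for non-local names mapped to an
    unspecified (0.0.0.0, ::) or loopback (127.0.0.0/8, ::1) address."""
    hits = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_unspecified or ip.is_loopback:
            hits.extend((line_no, name, str(ip))
                        for name in names if name not in LOCAL_NAMES)
    return hits

if __name__ == "__main__":
    for line_no, name, ip in find_sinkholed(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Ad-blocking hosts lists produce the same kind of entries on purpose, so a hit is a lead to review against what the machine's owner installed, not proof of infection.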
It was not immediately clear what effect the virus would have on the performance of interactive campaigns, but theoretically at least, it could greatly reduce the number of ads these companies are able to serve for clients.
DoubleClick said it hasn’t seen an impact thus far, and the company downplayed the significance of the virus for interactive campaigns, describing the interruption of ads as only one of a wide range of potential ill effects.
“Any user with a PC infected by a virus is going to experience multiple problems across the boards,” said a spokesperson for the ad technology firm. “Breakage in ad serving is just one possibility.”
None of the other major ad servers affected by the worm was immediately available for comment.
Security firms estimated the variant virus and its parent have jointly infected millions of hosts. Major security firms Symantec and ISS X-Force have rated their severity at the highest or second-highest level.
“MyDoom.b may have just multiplied the full impact of MyDoom.a a few fold,” said D.K. Matai, executive chairman of U.K.-based risk assessment firm mi2g. “We know that many large and small organizations, as well as homes, are struggling to cope with the deluge of e-mails originating from the A variant infections never mind the arrival of B, which shows signs of being just as vicious.”
The effects of this particular worm are wide ranging, and so far its most publicized effects include denial-of-service attacks on sco.com and microsoft.com, as well as blocked access to anti-virus update sites like symantec.com and mcafee.com. It is scheduled to attack Microsoft’s site on February 3, and www.sco.com on February 1.
There is no such delay for the ad server silencing functions. Infected computers are already blocking these sites.