

Mydoom virus: some Canadian firms were ready for it


February 2, 2004

Already labelled as one of the most damaging worms ever, the Mydoom malicious code is proving to be a boon for hackers and spammers but of little consequence to those Canadian companies that took security up a notch after last year's spate of worms.

The Bank of Montreal (BMO), a company which was already replete with security technology, has "incorporated the lessons learned last year," said Robert Garigue, the financial institution's Toronto-based chief information security officer. "There has been a transformation."

Last year's Slammer and Blaster worms, referred to as a "shot over the bow" by Symantec Canada's general manager Michael Murphy, were a painful lesson that convinced many companies to pay more attention to security.

Garigue said BMO is doing a better job of patch management, monitoring the currency of its applications, operating systems and antivirus management.

The resultant system "is a series of rings to ensure as much defence as possible," Garigue said.

Mydoom was "filtered off at the gateway," he said, though BMO security experts did see "indications of it arriving." Since BMO quarantines all e-mail attachments (it sends recipients a notice that they can retrieve the attachment if needed), Mydoom was ineffectual. But even if an infected laptop had made it through, internal systems would have picked up on the abnormal behaviour of Mydoom trying to e-mail itself out. "We have agents that look for that kind of activity," Garigue said.

Unlike last year, Garigue said, this time around he and his counterparts at other Canadian financial institutions seem to have been unaffected. A spokesperson for the Royal Bank concurred, saying it was not affected by Mydoom.

Simon Tang, senior manager, security services with Deloitte in Toronto, said the small business and consumer markets were hardest hit since neither possesses the multi-tiered defence systems that larger corporations have in place. Having said that, he agrees with the prognosis that it is one of the worst worms seen in recent years. "It is definitely spreading at a very fast pace, faster than Blaster," he said.

Kevin Krempulec, the Toronto-based Canadian channel manager for Symantec Corp., said at the end of Jan. 27 its statistics back up this conclusion. Of the 246 Mydoom submissions it received from Canadian customers, only 10 were from corporate clients.

As with most malicious code, a new variant soon followed. The B variant of Mydoom has a rather tricky little bit of hosts file modification incorporated into it, Tang said. An infected computer is prevented from accessing most antivirus vendors' sites to download a fix. The list includes over 50 blocked sites. Though a user can enter the antivirus company's IP address in a browser address bar to circumvent the worm's intentions (or open the hosts file and delete the modification), this requires a level of tech savvy beyond most end users, he added.

Tang said that the true intention of Mydoom is a bit of a mystery. Both variants are designed to launch denial of service attacks (against sco.com and microsoft.com respectively) and both are also designed to leave ports (3127 to 3198) open for hackers to access at a future date.

Krempulec said Symantec is already noticing an increase in scans of port 3127 on the Internet. There are hypotheses that the open ports, or back doors, on infected machines will be used by spammers as e-mail relays in the future, but Krempulec said "it is hard to pinpoint the different motives for hackers and virus writers." Another concern is that hackers will install keystroke logging software on infected machines and steal user names and passwords.

Symantec and other antivirus vendors have a fix available that will delete Mydoom and close the opened ports. Mydoom is e-mail-client agnostic and affects almost all versions of Windows including 95, 98, NT, XP, Me and 2000. It is believed to have infected as many as 300,000 machines worldwide and is still spreading.
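The two host-level signs described above, hosts file entries that override antivirus vendor domains and TCP listeners on ports 3127 to 3198, can be checked with a short script. This is an added example, not part of the original article; the watch list, function names, the 0.0.0.0 sink address and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: a short watch list for illustration; the article says the real
# list held over 50 antivirus vendor sites but does not name them.
WATCHED_SUFFIXES = ("symantec.com", "av-vendor.example")
BACKDOOR_PORTS = range(3127, 3199)  # ports 3127 to 3198, as reported above


def hosts_overrides(hosts_text, watched=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for entries overriding a watched domain."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in watched):
                hits.append((line_no, address, host))
    return hits


def backdoor_listeners(netstat_text, ports=BACKDOOR_PORTS):
    """Return sorted TCP ports in the reported range that are in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        m = re.match(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\b", line, re.I)
        if m and int(m.group(1)) in ports:
            found.add(int(m.group(1)))
    return sorted(found)


# Constructed sample inputs (not taken from a real infected machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# constructed entries below
0.0.0.0     www.symantec.com
0.0.0.0     update.av-vendor.example   # blocked
10.1.2.3    intranet.corp.example
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0         LISTENING
  TCP    0.0.0.0:3127     0.0.0.0:0         LISTENING
  TCP    10.1.2.9:3150    192.0.2.7:80      ESTABLISHED
"""

if __name__ == "__main__":
    print(hosts_overrides(SAMPLE_HOSTS))
    print(backdoor_listeners(SAMPLE_NETSTAT))
```

On a real Windows host the inputs would be the contents of the hosts file and the text output of `netstat -an`.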

Source: IT World Canada

