A criminal attack

Portugal is one of the five countries most severely affected by the MyDoom computer virus, a virulent ‘worm’ that has spread more quickly than any other virus in the history of information technology. The virus has led to severe delays in the sending and receipt of emails and has overloaded the internet, creating a logjam. In addition, experts fear it could have opened the door to computer hackers gaining access to secret files.

“It’s safe to assume that many information systems in Portugal and Spain were gravely infected,” commented David Sancho, co-ordinator of Trend Micro, an anti-virus firm. “It is almost impossible to appreciate the damage caused by this virus at the moment, especially since the attack is still ongoing.” Portugal was one of the worst affected countries principally because of the attitude of some users, according to Paulo Silva, from Panda Software, a multinational anti-virus software firm. “As a nation, we are careless in that we open every e-mail that appears and frequently do not bother to install anti-virus systems,” he maintained.

The virus has affected hundreds of Portuguese companies, but larger corporations have generally been better prepared to deal with the virus. However, there have been exceptions and one major banking institution has already requested additional IT security. Portugal’s national airline, TAP, escaped relatively unscathed. A source from the airline said: “We have had a great deal of work, but our IT team was able to contain the attacks. No vital services have been undermined, but we will have to make an account of what has happened.”

The virus, that has already infected millions of computers, arrives via e-mail and uses a list of addresses installed in the machine in order to multiply. It is believed that the virus emanates from someone in Russia. The next attack was set for this Wednesday targetting Microsoft, which has already offered a reward of 250,000 US dollars for information leading to the jailing of the virus’ creator. Brad Smith, Microsoft’s legal adviser, said the virus represented “a criminal attack”.

One of the virus’ curiosities is that, according to David Sancho, it avoids infecting certain organisations of a technological nature, as well as American governmental institutions. He says this may be a way of protecting the author from prosecution on the basis of the anti-terrorist ‘Patriot Law’.

The MyDoom virus was first detected on the afternoon of January 26 and has spread through more than 220 countries, infecting one in 12 e-mails, according to businesses that have monitored the virus. The speed with which the contaminated e-mail spread generated intense traffic on the web, leading to paralysed servers and severe delays in receiving messages. But another more serious effect of the virus could be that it opens a virtual back door to the computer, permitting remote users to gain access to the computer’s hard-drive. Paulo Silva believes it is very probable that IT ‘pirates’, who have no connection to the authors of the virus, may take advantage of these access points in order to spy on the contents of computers.

Users should beware of an e-mail that might say ‘Mail Delivery System Error’, informing users of a supposedly ‘bounced’ e-mail. It has a file attachment that can be called a document, readme, text, file or data and with extensions .pif, .scr, .exe, .cmd, .bat or .zip.

Users are also advised to install an anti-virus program and make backups of important files. They should never automatically open all e-mail attachments and they should download or purchase software only from trusted, reputable sources. In the meantime, users should access anti-virus sites (like Panda Software or Symantec) and download the free ‘firewall’ software. This should protect them for a period of time, generally 30 days, until they acquire a more lasting anti-virus program.