
Computer Virus / Unauthorized Computer Access Incident Report [Summary]

February 18, 2004

Information-technology Promotion Agency, Japan (IPA)
IT Security Center

Tricks for Infection Have Become Smarter!

This is a summary of Computer Virus / Unauthorized Computer Access Incident Reports for January 2004 compiled by IPA.

1. Computer Virus Incident Reports

In January, 1,323 reports were submitted to IPA, continuing the decline from November (1,786 reports) and December (1,452 reports) 2003. The new virus W32/Mydoom became the most reported virus only five days after it appeared, with 245 reports submitted in that time. It was followed by W32/Klez with 243 reports and W32/Mimail with 150 reports.

Using a smarter trick for infection! - W32/Mydoom

In January, new viruses emerged in succession. One was the W32/Bagle virus, which emerged on the 27th, and the other was the W32/Mydoom virus, which emerged on the 27th. These viruses were delivered by e-mails with subjects written in English, for example "Hi", "Error", "Hello", and so on, and they spread through attachment files.

[Image: icon]

Furthermore, if the recipient opens the attachment file by accident, Windows Calculator or Notepad is actually launched. Because of this trick, recipients will not be aware that they have been infected.

Once a computer is infected, mails with the virus attached are sent to all the addresses stored in the computer. W32/Mydoom is designed to stop its activity on February 12, 2004.

[Image: notepad]

To prevent this type of infection, it is important not to open attachment files carelessly. This is the basic countermeasure against viruses.

2. Unauthorized Computer Access Incident Report

28 reports were submitted to IPA in January 2004, almost the same as the 29 reports in December 2003. Eight of the reports involved actual damage. Among them were three reports of intrusion, two of unauthorized mail relay, one of source address spoofing, one of DoS (Denial of Service), and one of unauthorized use of an ID.

Among these reports, the following cases deserve attention.

  • An account used for the deployment of the system had been left in place with a weak password. As a result, malicious people logged in with that account and intruded into the system.
  • An easily guessed password was set on a personal computer. It was used to log in to the ISP, and the mails were read.
  • The mail server settings at one company allowed employees to send mails bearing the domain names of popular ISPs rather than the company's own. As a result, advertising mails bearing the ISP's domain names were sent to all the addresses outside the company.

As these cases show, improper settings and poor management of IDs and passwords can cause damage. If a password is guessed or stolen, it can lead to leakage of personal information, intrusion into the internal LAN by spoofing, and automatic sending of mails. It is therefore essential to reconfirm the importance of passwords.

3. Warning for this month: [Don't Be Misled by Appearances]

--- Check with Anti-Virus software instead of your eyes ---

The W32/Bagle and W32/Mydoom viruses that emerged in January do not infect a computer unless the attachment file is opened, yet they spread widely. The main reason may be that many people opened the attachment files because they were misled by the appearance of the attachment file or the body of the mail.

To avoid infection damage, don't open the attachment file, and use anti-virus software to find the virus quickly. It is essential to use anti-virus software with the latest version of the virus detection data file and to update it constantly.

[Image: steps]

The details are as follows:

Contact

Information-technology Promotion Agency IT Security Center (IPA/ISEC)
Tel: +81-3-5978-7508
Fax: +81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.