Click HereClick Here
home features news forums classifieds faqs links search
5241 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Channel: #Amigaworld
Channel Policy and Guidelines

(Uses JAVA Applet and Port 1024)
Visit the Chatroom Website

Who's Online
 48 guest(s) on-line.
 2 member(s) on-line.


 Rob,  DruggedBunny

You are an anonymous user.
Register Now!
 DruggedBunny:  1 min ago
 Rob:  4 mins ago
 AndreasM:  9 mins ago
 olegil:  11 mins ago
 Vanhapolle:  24 mins ago
 Drewlio77:  38 mins ago
 tommysammy:  1 hr 12 mins ago
 retro:  1 hr 19 mins ago
 BCP:  1 hr 23 mins ago
 Belxjander:  1 hr 45 mins ago

Miscellaneous News   Miscellaneous News : Yet another MyDoom variant?
   posted by vortexau on 11-Feb-2004 14:58:45 (1070 reads)
From ABC NEWS On Line comes this story on MyDoom.C which appears to exploit traces of the earlier variants which linger on already-infected systems to attack Microsoft's own servers!


Quote:
. . . the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm. Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said.



Here's another report on eWEEK NEWS that suggests that some disruptions were caused to Microsoft.com on Sunday night and Monday morning:
Quote:
When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory! . . . this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., . . . it is easily foiled by protection available from as early as two weeks ago. The fact the worm preys on existing Mydoom infected computers is much like a flock of vultures circling around an unfortunate soul about to succumb
    

Related Links
· More about Miscellaneous News
· News by vortexau


Printer Friendly Page  Send this Story to a Friend

PosterThread
mbilla 
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 18:20:15
#1 ]
Super Member
Joined: 25-May-2003
Posts: 1369
From: EU

I read yesterday that Doomjuice infects the computers that had the
MyDoom and MyDoom.B virii on them via an opened port (opened by
MyDoom)) This new virus is for destroying all traces left my the
MyDoom virii.
The MyDoom virus installs the source code of itself on the infected
computer and Doomjuice installs this code on the infected computer in
a way that that one thinks the virus was developed on this computer.
So the guys who try to trace back the MyDoom virus just do find wrong
origins.

I must say that these programmers are really smart. In fact it is a
very good strategy.
Instead of hunting them why not give them good jobs as programmers?

 Status: Offline
Profile     Report this post  
Roj 
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 23:59:59
#2 ]
Member
Joined: 18-Nov-2003
Posts: 69
From: The Avatar Contains a Vital Clue

Because rewarding criminals just isn't the way to go. It's the same reason law enforcement doesn't negotiate for hostages. Give the captors the cash they demand and let them go, and the next morning another goon will read in the papers that it's a great way to make fast cash and start his/her insipid gears turning.

If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs.

 Status: Offline
Profile     Report this post  
mbilla 
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 8:45:40
#3 ]
Super Member
Joined: 25-May-2003
Posts: 1369
From: EU

Quote:
If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs.


Rumors on internet are saying the Mydoom & Co. virus was setup by SCO themselves!!!!

Just to gain more time in the process against IBM in order to collect more evidence which they still couldn't show up after their 60 days were over.

 Status: Offline
Profile     Report this post  
herewegoagain 
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 12:15:24
#4 ]
Elite Member
Joined: 8-Jan-2003
Posts: 3270
From: Charlotte, NC

Quote:
Rumors on internet are saying the Mydoom & Co. virus was setup by SCO themselves!!!!


Well, according to CNN, it targets both Microsoft and SCO's server to attempt to bring them down. I have to wonder if SCO would try to take their own servers out of commission just to delay some legal process.

http://www.cnn.com/2004/TECH/internet/02/01/mydoom.reut/index.html

http://www.cnn.com/2004/TECH/internet/02/09/new.worm.reut/index.html

 Status: Offline
Profile     Report this post  
vortexau 
Re: Yet another MyDoom variant?
Posted on 13-Feb-2004 14:08:34
#5 ]
Elite Member
Joined: 10-Mar-2003
Posts: 2651
From: . . outside the Pod-bay; Australia

Here's more from ZDNet Australia-
Quote:
Two worms that take advantage of computers whose security has already been compromised started spreading on Monday, antivirus software companies warned.

The two opportunistic programs--dubbed [b]Doomjuice and Deadhat--threatened only those users still infected with a version of the MyDoom virus, and didn't pose a major problem for businesses, which had previously cleaned systems infected with the virus, the companies said.

"There are only about 50,000 or 75,000 machines left that are infected," said Vincent Gullotto, vice president for antivirus and vulnerability emergency response team at Network Associates.

The last line of this article says: "Deadhat also spreads through the peer-to-peer file sharing program SoulSeek."

 Status: Offline
Profile     Report this post  
[ home ][ about us ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright 2000 - 2014 Amigaworld.net.

Page took 0.100492 seconds to load.