Click Here
home features news forums classifieds faqs links search
6071 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
» Home
» Features
» News
» Forums
» Classifieds
» Links
» Downloads
Extras
» OS4 Zone
» IRC Network
» AmigaWorld Radio
» Newsfeed
» Top Members
» Amiga Dealers
Information
» About Us
» FAQs
» Advertise
» Polls
» Terms of Service
» Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
28 crawler(s) on-line.
 73 guest(s) on-line.
 0 member(s) on-line.



You are an anonymous user.
Register Now!
 Kremlar:  8 mins ago
 Rob:  11 mins ago
 Gunnar:  21 mins ago
 dirkzwager:  34 mins ago
 clint:  40 mins ago
 vox:  46 mins ago
 pixie:  58 mins ago
 NutsAboutAmiga:  1 hr 2 mins ago
 zipper:  1 hr 38 mins ago
 Templario:  1 hr 43 mins ago

Miscellaneous News   Miscellaneous News : Yet another MyDoom variant?
   posted by vortexau on 11-Feb-2004 14:58:45 (2317 reads)
From ABC NEWS On Line comes this story on MyDoom.C which appears to exploit traces of the earlier variants which linger on already-infected systems to attack Microsoft's own servers!


Quote:
. . . the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm. Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said.



Here's another report on eWEEK NEWS that suggests that some disruptions were caused to Microsoft.com on Sunday night and Monday morning:
Quote:
When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory! . . . this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., . . . it is easily foiled by protection available from as early as two weeks ago. The fact the worm preys on existing Mydoom infected computers is much like a flock of vultures circling around an unfortunate soul about to succumb
    

STORYID: 1207
Related Links
· More about Miscellaneous News
· News by vortexau


Most read story about Miscellaneous News
DiscreetFX Partners Makes an Urgent Appeal to the Amiga Community

Last news about Miscellaneous News
Passione Amiga issue 17 released
Printer Friendly Page  Send this Story to a Friend

PosterThread
mbilla 
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 18:20:15
#1 ]
Super Member
Joined: 25-May-2003
Posts: 1369
From: EU

I read yesterday that Doomjuice infects the computers that had the
MyDoom and MyDoom.B virii on them via an opened port (opened by
MyDoom)) This new virus is for destroying all traces left my the
MyDoom virii.
The MyDoom virus installs the source code of itself on the infected
computer and Doomjuice installs this code on the infected computer in
a way that that one thinks the virus was developed on this computer.
So the guys who try to trace back the MyDoom virus just do find wrong
origins.

I must say that these programmers are really smart. In fact it is a
very good strategy.
Instead of hunting them why not give them good jobs as programmers?


_________________
A computerworld without MS products and Windows!
Connect your Amigas ...
...The Red ONE-A1XE G4 - A3000T- A3000 - A4000 - A2500- A1000 - A600 - CDTV - CD32...
and your PDAs and laptops ...
Psion 5mx Pro - Psion NetBook - Apple iPhone - MacBook Pro

 Status: Offline
Profile     Report this post  
Roj 
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 23:59:59
#2 ]
Member
Joined: 18-Nov-2003
Posts: 69
From: The Avatar Contains a Vital Clue

Because rewarding criminals just isn't the way to go. It's the same reason law enforcement doesn't negotiate for hostages. Give the captors the cash they demand and let them go, and the next morning another goon will read in the papers that it's a great way to make fast cash and start his/her insipid gears turning.

If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs.


_________________
Ideas on the Internet are like pictures of my family. Snap enough of them off and eventually one of them will be worth keeping.

 Status: Offline
Profile     Report this post  
mbilla 
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 8:45:40
#3 ]
Super Member
Joined: 25-May-2003
Posts: 1369
From: EU

Quote:
If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs.


Rumors on internet are saying the Mydoom & Co. virus was setup by SCO themselves!!!!

Just to gain more time in the process against IBM in order to collect more evidence which they still couldn't show up after their 60 days were over.


_________________
A computerworld without MS products and Windows!
Connect your Amigas ...
...The Red ONE-A1XE G4 - A3000T- A3000 - A4000 - A2500- A1000 - A600 - CDTV - CD32...
and your PDAs and laptops ...
Psion 5mx Pro - Psion NetBook - Apple iPhone - MacBook Pro

 Status: Offline
Profile     Report this post  
herewegoagain 
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 12:15:24
#4 ]
Elite Member
Joined: 8-Jan-2003
Posts: 3270
From: Charlotte, NC

Quote:
Rumors on internet are saying the Mydoom & Co. virus was setup by SCO themselves!!!!


Well, according to CNN, it targets both Microsoft and SCO's server to attempt to bring them down. I have to wonder if SCO would try to take their own servers out of commission just to delay some legal process.

http://www.cnn.com/2004/TECH/internet/02/01/mydoom.reut/index.html

http://www.cnn.com/2004/TECH/internet/02/09/new.worm.reut/index.html

 Status: Offline
Profile     Report this post  
vortexau 
Re: Yet another MyDoom variant?
Posted on 13-Feb-2004 14:08:34
#5 ]
Elite Member
Joined: 10-Mar-2003
Posts: 2651
From: . . outside the Pod-bay; Australia

Here's more from ZDNet Australia-
Quote:
Two worms that take advantage of computers whose security has already been compromised started spreading on Monday, antivirus software companies warned.

The two opportunistic programs--dubbed [b]Doomjuice and Deadhat--threatened only those users still infected with a version of the MyDoom virus, and didn't pose a major problem for businesses, which had previously cleaned systems infected with the virus, the companies said.

"There are only about 50,000 or 75,000 machines left that are infected," said Vincent Gullotto, vice president for antivirus and vulnerability emergency response team at Network Associates.

The last line of this article says: "Deadhat also spreads through the peer-to-peer file sharing program SoulSeek."


_________________
-vortexau, who's A1 XE-G4 remains at half-RAM !
A2000HD (from 1991) 060 64Mb PicassoII with OS3.5 . . . still working.

 Status: Offline
Profile     Report this post  
[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle