Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
|
|
|
|
From ABC NEWS On Line comes this story on MyDoom.C which appears to exploit traces of the earlier variants which linger on already-infected systems to attack Microsoft's own servers!
Quote:
| . . . the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm. Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said. |
Here's another report on eWEEK NEWS that suggests that some disruptions were caused to Microsoft.com on Sunday night and Monday morning:
Quote:
| When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory! . . . this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., . . . it is easily foiled by protection available from as early as two weeks ago. The fact the worm preys on existing Mydoom infected computers is much like a flock of vultures circling around an unfortunate soul about to succumb |
|
|
|
|
|
| STORYID: 1207
|
| Poster | Thread |  mbilla
|  |
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 18:20:15
| | [ #1 ] |
| |
 |
Super Member
 |
Joined: 25-May-2003
Posts: 1369
From: EU | | |
|
| I read yesterday that Doomjuice infects the computers that had the
MyDoom and MyDoom.B virii on them via an opened port (opened by
MyDoom)) This new virus is for destroying all traces left my the
MyDoom virii.
The MyDoom virus installs the source code of itself on the infected
computer and Doomjuice installs this code on the infected computer in
a way that that one thinks the virus was developed on this computer.
So the guys who try to trace back the MyDoom virus just do find wrong
origins.
I must say that these programmers are really smart. In fact it is a
very good strategy.
Instead of hunting them why not give them good jobs as programmers?
_________________
A computerworld without MS products and Windows!
Connect your Amigas ...
...The Red ONE-A1XE G4 - A3000T- A3000 - A4000 - A2500- A1000 - A600 - CDTV - CD32...
and your PDAs and laptops ...
Psion 5mx Pro - Psion NetBook - Apple iPhone - MacBook Pro
|
| | Status: Offline |
| | Roj
| |
Re: Yet another MyDoom variant?
Posted on 11-Feb-2004 23:59:59
| | [ #2 ] |
| |
 |
Member
 |
Joined: 18-Nov-2003
Posts: 69
From: The Avatar Contains a Vital Clue | | |
|
| Because rewarding criminals just isn't the way to go. It's the same reason law enforcement doesn't negotiate for hostages. Give the captors the cash they demand and let them go, and the next morning another goon will read in the papers that it's a great way to make fast cash and start his/her insipid gears turning.
If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs.
_________________
Ideas on the Internet are like pictures of my family. Snap enough of them off and eventually one of them will be worth keeping.
|
| | Status: Offline |
| | mbilla
| |
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 8:45:40
| | [ #3 ] |
| |
|
Super Member
|
Joined: 25-May-2003
Posts: 1369
From: EU | | |
|
| Quote:
| If these guys really have quality skills, they can certainly go about getting hired on someplace through the normal channels, although I'd be willing to bet they already have decent jobs. |
Rumors on internet are saying the Mydoom & Co. virus was setup by SCO themselves!!!!
Just to gain more time in the process against IBM in order to collect more evidence which they still couldn't show up after their 60 days were over.
_________________
A computerworld without MS products and Windows!
Connect your Amigas ...
...The Red ONE-A1XE G4 - A3000T- A3000 - A4000 - A2500- A1000 - A600 - CDTV - CD32...
and your PDAs and laptops ...
Psion 5mx Pro - Psion NetBook - Apple iPhone - MacBook Pro
|
| | Status: Offline |
| | herewegoagain
| |
Re: Yet another MyDoom variant?
Posted on 12-Feb-2004 12:15:24
| | [ #4 ] |
| |
 |
Elite Member
 |
Joined: 8-Jan-2003
Posts: 3270
From: Charlotte, NC | | |
|
| | | Status: Offline |
| | vortexau
| |
Re: Yet another MyDoom variant?
Posted on 13-Feb-2004 14:08:34
| | [ #5 ] |
| |
 |
Elite Member
|
Joined: 10-Mar-2003
Posts: 2651
From: . . outside the Pod-bay; Australia | | |
|
| Here's more from ZDNet Australia-
Quote:
Two worms that take advantage of computers whose security has already been compromised started spreading on Monday, antivirus software companies warned.
The two opportunistic programs--dubbed [b]Doomjuice and Deadhat--threatened only those users still infected with a version of the MyDoom virus, and didn't pose a major problem for businesses, which had previously cleaned systems infected with the virus, the companies said.
"There are only about 50,000 or 75,000 machines left that are infected," said Vincent Gullotto, vice president for antivirus and vulnerability emergency response team at Network Associates. |
The last line of this article says: "Deadhat also spreads through the peer-to-peer file sharing program SoulSeek."
_________________
-vortexau, who's A1 XE-G4 remains at half-RAM !
A2000HD (from 1991) 060 64Mb PicassoII with OS3.5 . . . still working.
|
| | Status: Offline |
| |
|
|
[ home ][ about us ][ privacy ]
[ forums ][ classifieds ]
[ links ][ news archive ]
[ link to us ][ user account ]
|
22 crawler(s) on-line.
95 guest(s) on-line.
3 member(s) on-line.
