Yet another MyDoom variant?
Date 11-Feb-2004 18:05:18 Topic: Miscellaneous News
| From ABC NEWS On Line comes this story on MyDoom.C which appears to exploit traces of the earlier variants which linger on already-infected systems to attack Microsoft's own servers!
Quote:
. . . the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm. Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said. |
Here's another report on eWEEK NEWS that suggests that some disruptions were caused to Microsoft.com on Sunday night and Monday morning: Quote:
When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory! . . . this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., . . . it is easily foiled by protection available from as early as two weeks ago. The fact the worm preys on existing Mydoom infected computers is much like a flock of vultures circling around an unfortunate soul about to succumb |
|
|