All the latest UK technology news, reviews and analysis
|
|
|
10 Feb 2004
Systems infected with MyDoom.A over the past month are being hit by new malware via the backdoor, as the worm delivers its second payload.
The new code, named Doomjuice, instructs infected machines to launch a distributed denial of service attack (DDoS) against Microsoft.
The move is an attempt to harness infected systems with compatible code, and suggests that it comes from the same authors.
"This proves to us that this and Mydoom.A are written by the same people," said Mikko Hypponen, director of antivirus research at F-Secure.
"The source code of MyDoom.A has not been seen circulating in the underground before."
MyDoom.A began scanning random IP addresses looking for infected machines on 9 February. Once the worm finds one it accesses via port 3127 and writes itself onto the Windows System Directory as 'intrenat.exe'.
In addition to the DDoS attack Doomjuice finds the source code for MyDoom.A and archives it within infected systems.
Antivirus firms are monitoring the spread of Doomjuice and are advising customers to update virus signatures and run system scans.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Onsite IT Support Technician / Manager - Leek - circa...
Lead Infrastructure Engineer (Microsoft) – Hosted Services...
Hi Greetings, Job Title : Business Analyst Location...
Magento Senior Developer, London : Magento / PHP / CSS...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?