Slashdot Mirror

← Back to Stories (view on slashdot.org)

MyDoom.C Making Its Way Across The Net

Posted by timothy on from the funny-it-isn't-affecting-me dept.

Iphtashu Fitz writes "eWeek is reporting that the latest variant of MyDoom is now making its way across the internet and may have been responsible for some disruptions to Microsofts website over the weekend. This new variant apparently doesn't spread via e-mail but instead scans for machines with an open TCP port 3127. This version appears to be a very stripped down version of its earlier cousins since it also doesn't leave a backdoor into infected machines nor does it have a shutoff date for when to stop attacking Microsoft." Reader billstewart adds links to reports at Australia's ABC News and carried by Reuters; Unloaded adds a link to CNET's coverage.

2 of 519 comments (clear)

  1. It attacks Microsoft? by Stupid+White+Man · · Score: 0, Flamebait

    It attacks Microsoft without a shut off date?

    Sooo.. uhhh... where... can... I ... download a copy of this virus?

    I'll spread that mofo across my network like SETI@home.

    ATTACK!

  2. Re:Port 25 by RT+Alec · · Score: 1, Flamebait
    Haven't you denial-of-information-service people

    I certainly don't wish to deny information. Mail servers on consumer level accounts simply cause too many problems. For every properly functioning mail server behind a dialup/cable modem/residential DSL, there are 100s, if not 1000s of improperly configured servers, with almost no accountability. I am referring primarily to infected Windows machines, that like it or not, act like a mail server. Then there are the casual hobbyists that test Exchange wide open because they don't know any better, or the home user that installs WinGate and becomes an unwitting haven for spammers.

    If you want to run a mail server, at least get a static IP so you can be held accountable for any improper use of the Internet you might engage in (providing a resource for spammers is considered improper).

    If port 25 is blocked, we'd just get SMTP-over-HTTP

    I'm not sure what you mean by that. For e-mail to be recieved, it eventualy arrives at the recipient's SMTP server on port 25. That is what I advocate blocking-- port 25 traffic from residential accounts. It does not matter if the message floats around the Internet on various ports, what matters is that infected Windows machines cannot directly connect to SMTP servers via port 25.