Slashdot Mirror

← Back to Stories (view on slashdot.org)

MyDoom.C Making Its Way Across The Net

Posted by timothy on from the funny-it-isn't-affecting-me dept.

Iphtashu Fitz writes "eWeek is reporting that the latest variant of MyDoom is now making its way across the internet and may have been responsible for some disruptions to Microsofts website over the weekend. This new variant apparently doesn't spread via e-mail but instead scans for machines with an open TCP port 3127. This version appears to be a very stripped down version of its earlier cousins since it also doesn't leave a backdoor into infected machines nor does it have a shutoff date for when to stop attacking Microsoft." Reader billstewart adds links to reports at Australia's ABC News and carried by Reuters; Unloaded adds a link to CNET's coverage.

40 of 519 comments (clear)

  1. MyDoom by Paleomacus · · Score: 5, Funny

    What a stupid name for a virus. The writer must be planning to get caught.

    1. Re:MyDoom by JoshWurzel · · Score: 4, Funny

      I'm sure if the file you sent out was called "thisvirusisnamedJim.vbs", it would be called Jim.

    2. Re:MyDoom by Anonymous Coward · · Score: 2, Funny

      What a stupid name for a virus. The writer must be planning to get caught.

      It's named MyDoom because he misspelled mydomain as mydoomain or something like that.

    3. Re:MyDoom by null-sRc · · Score: 4, Funny

      the next variant will be: ..MyDocuments...?

      *shrugs*

      --
      -judging another only defines yourself
    4. Re:MyDoom by Anonymous Coward · · Score: 1, Funny

      MyDoom got its name from a typo

      Aha! Obviously, the author is a Slashdot editor!

  2. My poor firewall logs by Anonymous Coward · · Score: 2, Funny

    My poor firewall logs, oh why does DoomJuice hate thee.

  3. mydoom source by k4_pacific · · Score: 4, Funny

    I would think that mydoom.c would be the source file, so it should be alot easier to reverse engineer.

    gcc mydoom.c -o mydoom ./mydoom

    --
    Unknown host pong.
    1. Re:mydoom source by Comatose51 · · Score: 5, Funny

      The day when someone can pass the source code for a virus around and tell people how to compile and then run it in the email is the day I lose faith in humanity, which given what has transpired already isn't too far off. :-)

      --
      EvilCON - Made Famous by /.
    2. Re:mydoom source by KillerHamster · · Score: 4, Funny

      It's often commented that the additional steps required to execute a file on Linux would likely prevent a Linux virus from taking off in the way Windows viruses often do. However, if Linux is ever widely adopted on the desktop, given the proven stupidity of the majority of computer users, I wouldn't be too surprised to see that happen.

      Subject: "Awesome Linux screensaver!"
      Body: "Check out this awesome screensaver! Follow the steps below to install it. If you can, it would be helpful to switch to your root account first."

      1. Save the attached file to your home directory.
      2. Open a command prompt window.
      3. Type: gunzip screensaver.tar.gz
      4. Type: tar xvf screensaver.tar
      5. Type: cd screensaver
      6. Type: make
      7. Type: ./install

  4. Target American Idol !!! by simetra · · Score: 5, Funny

    This is the perfect opportunity for someone to fix American Idol, by getting all those zombie computers to dial and vote for their favorite singers!

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  5. Re:Any legit use for 3127? by nmoog · · Score: 5, Funny

    Yeah, port 3127 is used for DoS attacks on Microsoft. Its best to leave it open.

  6. Re:Is it just getting started? by LostCluster · · Score: 4, Funny

    contact sysadmins of appropriate networks

    Tech: Hello? Is this the system administrator of the house?
    Dad: Jimmy? It's a call for you.
    Tech: Hello, are you the system administrator of the hose?
    Jimmy: Yes, but my friends in school call me Jimmy.
    Tech: Okay, Jimmy. We've detected that your house has a computer that's infected by a virus.
    Jimmy: Comuputers can catch colds?
    Tech: ...

  7. MyQuake by Neo-Rio-101 · · Score: 5, Funny

    After MyDoom.c we can probably expect MyQuake.a, as well as a sequel MyQuake.b... and maybe even MyReturnToCastleWolfenstein.a Unfortunately MyDoom.3d will only run on the latest graphics cards and DirectX9 hardware... and will spend years in development. Andy better not be working at id

    --
    READY.
    PRINT ""+-0
    1. Re:MyQuake by grolschie · · Score: 4, Funny

      MyDoom.III will no doubt be vaporware though. :-)

    2. Re:MyQuake by b0r0din · · Score: 5, Funny

      MyDoom.Forever!

    3. Re:MyQuake by _Sprocket_ · · Score: 4, Funny


      MyDoom.III will no doubt be vaporware though. :-)

      Although some networks will allow you to be pre-infected with an empty shell virus that will automatically download and install MyDoom.III when it begins to spread.
    4. Re:MyQuake by PhyreFox · · Score: 2, Funny

      MyQuake.c will be primarily used to stress-test machines and then post the results everywhere it can.

      --
      My words are backed with NUCLEAR WEAPONS!
  8. Re:Dumbass alert by Anonymous Coward · · Score: 4, Funny

    Awww, but it said "I Love You."
    How could it be harmful if it says "I love you"?

  9. YourDoom is MyDoom by Anonymous Coward · · Score: 1, Funny

    "And in international news, a new virus called W32.thisvirus.A@mm is infecting it's way through email. . ."

  10. Re: Seems to be doing some damage already. by Black+Parrot · · Score: 2, Funny


    > My girlfriend's been complaining that she can't get onto MSN all night

    Shucks, you two will just have to find another way to while away the hours.

    (Write me if you need suggestions. I can do ASCII art for the complicated stuff.)

    --
    Sheesh, evil *and* a jerk. -- Jade
  11. No, it's an "open sores" virus by yerricde · · Score: 2, Funny

    No, Doomjuice is an open sores virus, as it utilizes an open sore (that is, port 3127) left by MyDoom.A to get in.

    --
    Will I retire or break 10K?
  12. Re:When will someone use this to their advantage? by laugau · · Score: 2, Funny

    The MyDoom API is documented in RFC 3128. You can also look at the javadocs. It's all in there.

  13. Wonderful by ngyahloon · · Score: 5, Funny

    A Microsoft spokesman said Monday that any performance problems on the company's site are likely related to countermeasures the company took to evade the MyDoom.B DDoS attack and not an attack from machines infected with the latest variant."

    So in other words, to prevent MyDoom from DDoSing Microsoft's website, Microsoft decides to DDoS themselves instead. What a wonderful world!

    --
    Carpe Diem: Seize The Day!
  14. crap by MisterFancypants · · Score: 5, Funny

    First Half Life 2, now the C source of Doom 3 is out in the wild... Damn, now we'll never see these games.

  15. Re:Dumbass alert by ePINOY · · Score: 2, Funny

    But it said "I love you!" !!! ;)

    --
    suteki!
  16. Re:Any legit use for 3127? by lakeland · · Score: 5, Funny

    to make sure a virus/trojan didnt find its way on to my wifes

    Learn how to use the apostrophe key. Else you might get misunderstood.

  17. How about..... by rspress · · Score: 3, Funny

    How about MyWindows.xp?

    Actually Microsoft should be advertising the fact that it is the best OS on the planet for virus development and deployment. It would look good on the Windows vs Linux propaganda.

  18. MyDaikatana by t0ny · · Score: 5, Funny

    I heard Romero has been working on the MyDaikatana.a worm for the past five years. Unfortunately, he released it into the wild and nobody noticed; it apparently couldnt spread.

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

  19. it really makes you think... by Anonymous Coward · · Score: 1, Funny

    What if someone wrote a virus to target Macs? There are literally hundreds, if not thousands, of people using Mac's these days and many of them are connected to the Internet. A Mac virus of the MyDoom type could cause a pretty big problem somewhere like an art school or a large interior decorating firm. Just something to think about...

  20. New MyDaikatana Release Date by Eradicator2k3 · · Score: 3, Funny

    Hey guys, I just heard from a guy who got infected by the romero.a worm that MyDaikatana is supposed to make us its bitch in 2005. Although the romero.b, .c and .d variations claim the same thing for 2006, 2007 and 2008, respectively.

    --
    Mr. T pitied this fool on 27 July 1992.
  21. Re:What about a CodeBlue variant? by mrtroy · · Score: 5, Funny

    You know when you feel like you have something really clever to say and want to say it really bad cuz you think its so amazing?

    Here it is!

    Why dont I create a machine that will fix your car for you too, and mow your lawn, and take out your trash and solve that pesky virginity problem of yours?

    Because thats why WOMEN were invented! They solve all of the worlds problems! Go away from your computer, and find a woman who will download the new anti-virus definitions for you and solve the rest of your problems!

    Now to all the women out there: YES, I am avaliable, please send me your resume containing important skillsets outlined above.

    (but seriously, I am going to die alone)

    --
    [I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
  22. Wow, a virus that updates itself over the network by codemachine · · Score: 4, Funny

    Next thing you know, we'll see this on Windows Update:

    MyDoom.C - A critical update for the MyDoom virus is now available. This update fixes the flaw that prevented infected machines from launching DOS attacks at microsoft.com past the expiry date. Install this update if you need microsoft.com DOSing capabilities.

  23. i can see it now ... by LittleBigLui · · Score: 4, Funny
    If it's making changes to PCs without their owners' permission, no matter what the motive, it's viral code, by definition.


    Subject: Clickety-click!

    Attachment:clickety.exe

    Text:

    Yeah, you know, the files you axed me for.

    <SmallerFont>
    By starting the attached file, you agree to: A) have remote administration software installed on your computer, B) allow that remote administration software to replicate to other computers as well, C) have a mail relay installed on your computer, D) have software that might conflict with the remote administration software (e.g. anti-virus software) disabled, E) you're not reading this anymore, are you? F) have updates to the remote administration software automatically installed, G) this text is so boring, H) even if that updates fundamentally alter the functionality of the software (e.g. DDOS the shit out of macrohard.com or dashslot.org) I) why not check out the nice file i sent you instead. J) you agree to never sue the author or distributor of this remote administration software for anything. K) no, really. the file is so nice - maybe it even makes funny sounds when you click it? L) neither anyone who uses your computer to send electronic mail, no matter what quantity or content.
    </SmallerFont>

    We all know, nobody reads those EULAs :)
    --
    Free as in mason.
  24. The ULTIMATE Vaporware Virus by rock_climbing_guy · · Score: 4, Funny
    Here is the ultimate Vaporware Virus:

    MyDukeNukeMForever.A

    --
    Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
    1. Re:The ULTIMATE Vaporware Virus by Anonymous Coward · · Score: 2, Funny

      It's NOT vaporware! It will be released WHEN IT'S DONE. We just had to change the virus engine from vbs to C#.NET, but it's going to be the best virus EVER. Full freedom for the user: want to send the virus to your mother, your cousin, your boss, or some random loser on /.? With MyDukeNukeMForever.A, this will not only be possible, but it'll be reality! It's going to revolutionise the way people think about viruses.

      Oh, and it'll have full 256 colour VGA!

  25. Re:Part of the story? by rgigger · · Score: 2, Funny

    uh... Microsoft can't "tail" their http logs

  26. myDoom[a-z] by MrBallistic · · Score: 4, Funny

    do we have to wait for myDoom.z to come out before we start on numbers? i'm still waiting for myDoom 3 to finally get released over here ;)

  27. Why are you contradicting yourself? by sheapshearer · · Score: 4, Funny

    Virus-writers don't get to name their viruses, the anti-virus companies do that.

    Well you seem to be making one mistake....

    The virus writers ARE the anti-virus companies!

  28. Re:Nimda by Cynikal · · Score: 4, Funny

    "Maybe that's because the name [..] was already taken.

    thats too bad :(, i SO wanted to release a virus named linux.vbs and watch the heated exchanges on slashdot burn a hole out of the bottom of my monitor :D

  29. You realize, of course.... by KC7GR · · Score: 2, Funny

    ...That the image of Einstein on the Slashdot header for this article isn't really an image of Einstein. Noooo, not at all. It's actually a composite representation of what SysAdmins worldwide look like after they get through battling Yet Another Worm, applying the Redmond Empire's Patch(es)-of-the-Month, reminding Clueless (L)users not to click on the pretty executable that came in their E-mail... well, you get the idea...

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies