MyDoom.C Making Its Way Across The Net
Iphtashu Fitz writes "eWeek is reporting that the latest variant of MyDoom is now making its way across the internet and may have been responsible for some disruptions to Microsoft's website over the weekend. This new variant apparently doesn't spread via e-mail but instead scans for machines with an open TCP port 3127. This version appears to be a very stripped down version of its earlier cousins since it also doesn't leave a backdoor into infected machines nor does it have a shutoff date for when to stop attacking Microsoft." Reader billstewart adds links to reports at Australia's ABC News and carried by Reuters; Unloaded adds a link to CNET's coverage.
What a stupid name for a virus. The writer must be planning to get caught.
I would think that mydoom.c would be the source file, so it should be a lot easier to reverse engineer.
./mydoom
gcc mydoom.c -o mydoom
Unknown host pong.
This is the perfect opportunity for someone to fix American Idol, by getting all those zombie computers to dial and vote for their favorite singers!
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Yeah, port 3127 is used for DoS attacks on Microsoft. It's best to leave it open.
contact sysadmins of appropriate networks
...
Tech: Hello? Is this the system administrator of the house?
Dad: Jimmy? It's a call for you.
Tech: Hello, are you the system administrator of the house?
Jimmy: Yes, but my friends in school call me Jimmy.
Tech: Okay, Jimmy. We've detected that your house has a computer that's infected by a virus.
Jimmy: Computers can catch colds?
Tech:
After MyDoom.c we can probably expect MyQuake.a, as well as a sequel MyQuake.b... and maybe even MyReturnToCastleWolfenstein.a. Unfortunately MyDoom.3d will only run on the latest graphics cards and DirectX9 hardware... and will spend years in development. Andy better not be working at id.
READY.
PRINT ""+-0
Awww, but it said "I Love You."
How could it be harmful if it says "I love you"?
"A Microsoft spokesman said Monday that any performance problems on the company's site are likely related to countermeasures the company took to evade the MyDoom.B DDoS attack and not an attack from machines infected with the latest variant."
So in other words, to prevent MyDoom from DDoSing Microsoft's website, Microsoft decides to DDoS themselves instead. What a wonderful world!
Carpe Diem: Seize The Day!
First Half Life 2, now the C source of Doom 3 is out in the wild... Damn, now we'll never see these games.
to make sure a virus/trojan didnt find its way on to my wifes
Learn how to use the apostrophe key. Else you might get misunderstood.
I heard Romero has been working on the MyDaikatana.a worm for the past five years. Unfortunately, he released it into the wild and nobody noticed; it apparently couldn't spread.
Manipulate the moderator system! Mod someone as "overrated" today.
You know when you feel like you have something really clever to say and want to say it really bad cuz you think it's so amazing?
Here it is!
Why don't I create a machine that will fix your car for you too, and mow your lawn, and take out your trash and solve that pesky virginity problem of yours?
Because that's why WOMEN were invented! They solve all of the world's problems! Go away from your computer, and find a woman who will download the new anti-virus definitions for you and solve the rest of your problems!
Now to all the women out there: YES, I am available, please send me your resume containing important skillsets outlined above.
(but seriously, I am going to die alone)
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Next thing you know, we'll see this on Windows Update:
MyDoom.C - A critical update for the MyDoom virus is now available. This update fixes the flaw that prevented infected machines from launching DOS attacks at microsoft.com past the expiry date. Install this update if you need microsoft.com DOSing capabilities.
Subject: Clickety-click!
Attachment: clickety.exe
Text:
Yeah, you know, the files you axed me for.
<SmallerFont>
By starting the attached file, you agree to: A) have remote administration software installed on your computer, B) allow that remote administration software to replicate to other computers as well, C) have a mail relay installed on your computer, D) have software that might conflict with the remote administration software (e.g. anti-virus software) disabled, E) you're not reading this anymore, are you? F) have updates to the remote administration software automatically installed, G) this text is so boring, H) even if those updates fundamentally alter the functionality of the software (e.g. DDOS the shit out of macrohard.com or dashslot.org) I) why not check out the nice file I sent you instead. J) you agree to never sue the author or distributor of this remote administration software for anything. K) no, really. the file is so nice - maybe it even makes funny sounds when you click it? L) neither anyone who uses your computer to send electronic mail, no matter what quantity or content.
</SmallerFont>
We all know, nobody reads those EULAs
Free as in mason.
MyDukeNukeMForever.A
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
do we have to wait for myDoom.z to come out before we start on numbers? i'm still waiting for myDoom 3 to finally get released over here ;)
Virus-writers don't get to name their viruses, the anti-virus companies do that.
Well you seem to be making one mistake....
The virus writers ARE the anti-virus companies!
"Maybe that's because the name [..] was already taken."
:(, i SO wanted to release a virus named linux.vbs and watch the heated exchanges on slashdot burn a hole out of the bottom of my monitor :D
that's too bad