Slashdot Mirror


New Worms Feed on MyDoom Infections

JJP writes "ZDNet Australia is reporting that two new worms, Doomjuice and Deadhat, are taking over computers previously infected by the MyDoom virus. Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work. Whilst the threat these two worms pose shouldn't be too big, both needing a MyDoom backdoor, it is still a novel way to spread a virus. In the Netherlands there is a newspaper reporting this proves MyDoom was initially spread by organised crime in a dark plot to wage cyber-war and steal confidential data from our computers."

22 of 243 comments

  1. Get a Mac by BWJones · · Score: 5, Insightful

    This reminds me of that old ad which opens with a guy trying to hook up his laptop at a huge meeting to start a presentation. He is having problems getting things to work and people are yelling suggestions from the audience: "Try c: start!" or something like that. This goes on for some time with different people yelling various suggestions and then at the very end when it appears things are not going to work, someone yells: "get a Mac!" The ad then fades out.... I suppose for the Linux crowd, the yell could be "get a Penguin" or "get a boxen", but the sentiment is the same: Do something.....Do anything......but do not continue to use that unsecured Windows box. You are wasting your time and you are wasting my time and costing companies, businesses and governments big time.

    --
    Visit Jonesblog and say hello.
    1. Re:Get a Mac by Matey-O · · Score: 4, Insightful

      Bullshit. There's NO reason why a windows box can't be just as stable and secure as any alternative. None (and I mean ZERO) machines on our network were affected by any of the mydoom variants.

      Sane creation of a network topology, email subsystem, proactive network monitoring, and general patch management is NECESSARY to operate a large internet connected environment, regardless of the Operating System of Choice.

      (and to head off the usual Mac'noids, show me a mac based application that scans, OCRs, and backs up to multiple Optical drives 20,000 documents an hour.)

      --
      "Draco dormiens nunquam titillandus."
    2. Re:Get a Mac by ealar dlanvuli · · Score: 2, Insightful

      We are talking about end users, and yeah Windows security is abysmal.

      --
      I live in a giant bucket.
    3. Re:Get a Mac by Frymaster · · Score: 2, Insightful
      could just be solved by not opening attachments.

      anything else i should avoid doing? i think you amply illustrate the point that the virusmania has reduced the usability of windows.

      with my linux box and mac i can do whatever i want - including open attachments... i bought a computer so i could use it.

      is it possible for a binary file to open ports and send itself as an email attachment on a Mac?

      do you mean, "can i telnet 25 to another host"? well, yes. i hope that was a rhetorical question.

      if you mean, "can i fire up an mta and start spraying email all over creation"? then the answer is only if you have root. and if that virus has root... well, you've got bigger problems.

    4. Re:Get a Mac by Anonymous Coward · · Score: 5, Insightful

      Again, parroted on slashdot numerous times -- why hit the less than 1/3 IIS installations out there when you can hit 2/3 with an Apache bug?

      popularity isn't exactly directly related to the number of exploits it has. :)

    5. Re:Get a Mac by Some Dumbass... · · Score: 2, Insightful

      Sane creation of a network topology, email subsystem, proactive network monitoring, and general patch management is NECESSARY to operate a large internet connected environment, regardless of the Operating System of Choice.

      You realize, of course, that the average computer user wouldn't even _understand_ this sentence, much less be able (or willing?) to implement your suggestions.

      You may be right in theory, but for unskilled (read: average, normal) users in the real world, Macs are currently the safe choice. There are just fewer exploited vulnerabilities in Mac OS X than in Windows XP. So for now, "Get a Mac" isn't such bad advice, if only for practical reasons.

    6. Re:Get a Mac by dustman · · Score: 2, Insightful

      Find a bug in Apache that isn't patched within a day. Go ahead. I dare you.

      Guarantee me that if I look I won't find an apache server which is months or years out of date. Go ahead. I dare you.

    7. Re:Get a Mac by BiggyP · · Score: 3, Insightful

      so, on linux, i'd download the attachment, run it through unzip, make the binary executable, then run it? not bloody likely, -1 for usability maybe, but definitely +3 for safety around newbies.

      of course i'm sure on KDE with some WINE integration it could be so much quicker and easier...

  2. Re:AIM by iLL_L0gic · · Score: 3, Insightful

    http://www.wired.com/news/infostructure/0,1377,62251,00.html?tw=wn_tophead_7 Has nothing to do with it. What it has to do with is idiot people clicking "Yes" on the installation of an ActiveX control that installs spyware on their system. I'd say that's still the easiest way to get a virus installed on a windows box, end users always click yes. :)

  3. Cyber war? Puleeeze by saskboy · · Score: 5, Insightful

    "In the Netherlands there is a newspaper reporting this proves MyDoom was initially spread by organised crime in a dark plot to wage cyber-war..."

    If organized crime was looking to steal data, all they had to do is ask people. Hundreds of people hand over their eBay, PayPal, and credit card information every day to phisher emails claiming to be from a legit company. Making a worm to steal the information isn't even necessary when the user is already the weakest link after being socially engineered.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  4. Posing "threads" by AndroidCat · · Score: 3, Insightful
    Viruses that install backdoors aren't new. And scanning to look for the backdoors isn't new. MyDoom.A got big press, spread far, and now (especially since it's now open source :) there are going to be a lot of people taking advantage of it.

    All the speculation about who did it or even why is still speculation. (If someone hated SCO so much, why stop after two weeks?)

    --
    One line blog. I hear that they're called Twitters now.
  5. Re:Worms are legal in America, no? by Anonymous Coward · · Score: 1, Insightful

    That's only legal because you have to click on an "I agree to these terms" box to play the game. The fact that you're also running a worm/adware is disclosed in the legal text, but waaaaay down where nobody ever looks. Legal? Yes. Ethical? Only to SCO.

    The problem is that they idiot-proofed the net and then we were surprised when the idiots came.

  6. For Newbies, not experienced users. by Azureflare · · Score: 4, Insightful
    Talk about overreacting. But, you proved the grandparent poster's point. You are obviously not a user who needs to switch to a mac. You know what you are doing.

    These people STILL infected with MyDoom don't know the first thing about computer security. They would be MUCH MUCH better off with a Mac than with windows. All they probably do anyway is chat with their little friends on AIM and check their webmail.

    It's obvious that windows is NOT the perfect OS for clueless newbie users, because it leaves gaping holes for them to be abused through. Think about it from the newbie point of view, not the experienced user point of view.

    Thank you.

    1. Re:For Newbies, not experienced users. by ball-lightning · · Score: 5, Insightful

      These people STILL infected with MyDoom don't know the first thing about computer security. They would be MUCH MUCH better off with a Mac than with windows. All they probably do anyway is chat with their little friends on AIM and check their webmail.


      And that's great, until Macintoshes become popular enough for viruses to be written for them (at which point it's going to be a massacre). A guy I work with owns a Macintosh, and he brags about how he doesn't need to run any antivirus program and how he can open all attachments. If a virus like MyDoom was created for the Macintosh, how much you want to bet my coworker (and people like him) would get infected right away, because they aren't using common sense? Windows may be buggy, and windows may have a lot of security holes, but in this case, MyDoom does not take advantage of any of them. MyDoom takes advantage of the traditional weakest link in any security system, people.

  7. Re:War? by Anonymous Coward · · Score: 1, Insightful

    What do they want to wage war against me for?
    I just want to read email!


    Because they hate freedom.

  8. Re:I wonder by iamdrscience · · Score: 2, Insightful

    50MB email attachments don't work so well.

  9. Re:A way to deal with worm outbreaks? by delirium28 · · Score: 5, Insightful
    This happened with one of the other worms last year (Slammer or something similar, I can't recall right now).

    The problem is that by creating a worm that cleans up the original malware worm, the fix is just as bad as the original virus. You're still using a lot of bandwidth that isn't yours, you're still sending out a program to change someone else's system without their permission, etc.

    On the surface it looks like a good idea, but unfortunately it has a lot of serious drawbacks.

    --
    Who is John Galt?
  10. Re:Laugh with me... by ron_ivi · · Score: 2, Insightful
    Are you suggesting people block all those ports because there are known windows trojans that use them?!?

    Sure if you block ports 21, 25, 53, etc you might be safer, but far less functional a system as well. If you go that far, I think you'd be better firewalling off all ports and just opening the ones for the services you _want_ to have exposed.

  11. Kinda scary by promethean_spark · · Score: 4, Insightful

    That a worm that digs for personal information goes active right when people start doing their taxes in the US. There are a lot of bank account numbers being typed in right now. A worm that hacks taxact to send an account number the virus writer can access instead of the user's would be quite profitable. It'd probably only work for 24 hours or less, but it could steal hundreds of millions in that time.

  12. Re:I thought that Doomjuice was from the ... by LostCluster · · Score: 2, Insightful

    When there's 48 similar worms all doing similar things, it's a little hard to figure out which one came first, and which worm caused which damage. Confuse juries enough to create a reasonable doubt, and in the USA at least you're in the clear...

  13. Re:Lamest... Names... Ever by SirTalon42 · · Score: 2, Insightful

    Blame the AV companies, they're the ones that have no imagination (and come up w/ the names).

  14. Switching OSs isn't the solution by Raptor-DP · · Score: 3, Insightful

    I've heard many people say 'well, if you'd switch to mac or linux you wouldn't have this problem.' If one person switches to another OS, they still have to deal with the crap that gets written for windows, because like it or not since the majority is windows, and if it's a virus that generates massive amounts of web traffic we all have to put up with it. We all have to deal with the slow downs and the downed servers, not that microsoft's website being down is that great of a loss. At least until you're a network admin and need information on something critical and can't get to their knowledge base. And if that weren't enough, there are other results of this. It makes the internet look unsafe, and a place that needs outside control. I personally would hate to see more laws and acts than we already have designed to make the internet more 'secure'. Acts set in place to regulate the internet itself, or even more frightening, acts set in place on software makers. Every single new virus that comes out, is a potential launching point for so called Trusted Computing. Because, like it or not, holding the software company responsible for its customers not updating their software is stupid. Not saying that Microsoft shouldn't be held responsible for their excuse for a decent OS, but it's not like they aren't at least making patches and fixes for the problems found... slowly, yes ... but at least they are released. And I, while not enjoying Microsoft's software, have to use Windows for certain things, and am glad they are finally taking care of the problems they have. But am completely pissed the hell off at their supposed Trusted Computing, an evil that must be stopped. On another note, has anyone noticed an increase in DNS downage? I've had a few people tell me about problems, that when eventually looked into, were because of downed DNS servers. Possibly a result of MyDoom and Co.?