New Worms Feed on MyDoom Infections
JJP writes "ZDNet Australia is reporting that two new worms, Doomjuice and Deadhat, are taking over computers previously infected by the MyDoom virus.
Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work. Whilst the threat these two worms pose shouldn't be too big, both needing a MyDoom backdoor, it is still a novel way to spread a virus. In the Netherlands there is a newspaper reporting this proves MyDoom was initialy spread by organised crime in a dark plot to wage cyber-war and steal confidential data from our computers."
Funny you suggest either buying a whole new machine, or using a whole different OS, when the MyDoom problem could just be solved by not opening attachments.
I'll just ask: is it possible for a binary file to open ports and send itself as an email attachment on a Mac? On a linux box? Are you sure you understand the problem?
It's nothing but crumpled porno and Ayn Rand.
MyDoom's backdoor has been demonstrated by DoomJuice and now the copycats are at it. There's now network of zombies willing to do the bidding of anybody who hacks in... remember, the MyDoom name is based on a typo, the author wanted to call it MyDomain.
I guess the only positive side effect is that some of these DoomJuice variants are closing the back door from the original MyDoom so that nobody else can interfere with them. Now, if only there was a MyDoom uninstaller worm that didn't have another distructive payload...
Not that I would condone the activity, but I'm surprised someone hasn't made an email virus that installs an OS on the machine. I would find this in incredible violation of ones choice, but I still won't be surprised when it happens.
meh
I wonder... what are the legalities behind having a worm go around, attack the backdoor created by MyDoom, and cause an alert box containing the infection info to pop-up on the user console? Or, change the person's wallpaper to a similar message so that they dont just blindly hit ok?
"Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work."
When a big worm comes out, wouldn't it be possible to write another worm that would utilize the backdoor, get rid of the worm, and then hang about to make reinfection impossible?
My organization took care of the worm in the first few minutes after it started spreading, but there seem to be a lot of people still out there who aren't protected (if the number of inbound mails my mail server quarantines each day is any indication).
If someone in a white hat wrote a MyDoom imobilizer worm, and then released it, wouldn't that put a speedy end to MyDoom in the wild?
I'm much funnier now that I'm a subscriber.
with my linux box and mac i can do whatever i want - including open attachments... i bought a computer so i could use it.
To be infected by MyDoom, you would have to open the attachment and run the binary.
if you mean, "can i fire up an mta and start spraying email all over creation"? then the answer is only if you have root. and if that virus has root... well, you've got bigger problems.
Eh, no. You don't have to be root to "spray email all over creation". Outgoing connections usually use unprivileged ports. And to accept incoming connection without root, you just need to listen to a port above 1024.
Je ne parle pas francais.
Whereas the new Welchia/Nachi worm cleans the MyDoom viruses, sets the hosts file back to just 127.0.0.1 localhost, installs a few Microsoft patches, reboots and scans for other MyDoom, MSBlast and Welchia infected machines to clean. It also sets up a web server on the machine serving a webpage with a cryptic message about various Japanese and Korean massacres. It then disables itself on June 1, 2004, or after running 180 days, whichever comes first.
I don't normally like any Windows virus, but I have a tough time not liking this one.
But why is the rum gone?
- Food is computing power, which it steals.
- Prey are vulnerable computers, with computing power unprotected.
- Predators are virus scanning and eradication software.
- Reproduction is checked only by environmental factors.
- Evolution has developed two clear attributes: transport and payload.
It will be very interesting to watch this area develop, especially considering it's place in society. It's incredible that not only have software companies been given virtual total immunity from the financial impact of their defective products, but that they have convinced the right parties that people who expose their defects are criminals. Truly incredible.