New Worms Feed on MyDoom Infections
JJP writes "ZDNet Australia is reporting that two new worms, Doomjuice and Deadhat, are taking over computers previously infected by the MyDoom virus.
Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work. Whilst the threat these two worms pose shouldn't be too big, both needing a MyDoom backdoor, it is still a novel way to spread a virus. In the Netherlands there is a newspaper reporting this proves MyDoom was initially spread by organised crime in a dark plot to wage cyber-war and steal confidential data from our computers."
This reminds me of that old ad which opens with a guy trying to hook up his laptop at a huge meeting to start a presentation. He is having problems getting things to work and people are yelling suggestions from the audience: "Try c: start!" or something like that. This goes on for some time with different people yelling various suggestions and then at the very end when it appears things are not going to work, someone yells: "get a Mac!" The ad then fades out.... I suppose for the Linux crowd, the yell could be "get a Penguin" or "get a boxen", but the sentiment is the same: Do something.....Do anything......but do not continue to use that unsecured Windows box. You are wasting your time and you are wasting my time and costing companies, businesses and governments big time.
Visit Jonesblog and say hello.
I hear those are safe too.. and just as useful to me in my business as a Mac.
No proof yet... BBC says MyDoom spread by Linux users to hurt SCO, Linux users say MyDoom spread by spammers to hurt everyone, spammers say MyDoom spread by BIGGER PENIS NOW... Who to believe?
MyDoom's backdoor has been demonstrated by DoomJuice and now the copycats are at it. There's now a network of zombies willing to do the bidding of anybody who hacks in... remember, the MyDoom name is based on a typo, the author wanted to call it MyDomain.
I guess the only positive side effect is that some of these DoomJuice variants are closing the back door from the original MyDoom so that nobody else can interfere with them. Now, if only there was a MyDoom uninstaller worm that didn't have another destructive payload...
Do you think people come up with a clever virus name or the virus first?
No, if it was funded by Apple it would be called iDoom. ;)
When are the nation states going to wake up and start an international war against spam?
When the spammers have oil.
"In the Netherlands there is a newspaper reporting this proves MyDoom was initially spread by organised crime in a dark plot to wage cyber-war..."
If organized crime was looking to steal data, all they had to do is ask people. Hundreds of people hand over their eBay, PayPal, and credit card information every day to phisher emails claiming to be from a legit company. Making a worm to steal the information isn't even necessary when the user is already the weakest link after being socially engineered.
Saskboy's blog is good. 9 out of 10 dentists agree.
Not that I would condone the activity, but I'm surprised someone hasn't made an email virus that installs an OS on the machine. I would find this an incredible violation of one's choice, but I still won't be surprised when it happens.
meh
I wonder... what are the legalities behind having a worm go around, attack the backdoor created by MyDoom, and cause an alert box containing the infection info to pop up on the user console? Or, change the person's wallpaper to a similar message so that they don't just blindly hit OK?
"Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work."
When a big worm comes out, wouldn't it be possible to write another worm that would utilize the backdoor, get rid of the worm, and then hang about to make reinfection impossible?
My organization took care of the worm in the first few minutes after it started spreading, but there seem to be a lot of people still out there who aren't protected (if the number of inbound mails my mail server quarantines each day is any indication).
If someone in a white hat wrote a MyDoom immobilizer worm, and then released it, wouldn't that put a speedy end to MyDoom in the wild?
I'm much funnier now that I'm a subscriber.
For those who cannot get past the registration links:
.....
Amsterdam - There are signs that the computer virus MyDoom has been brought into circulation by organised crime syndicates. The worm virus was accompanied yesterday by the evil program 'DeadHat'. Microsoft and software maker SCO have a quarter *billion* dollars in stock to reward the tip that will lead them to its creators.
According to the British research firm mi2g, DeadHat is designed to provide its creator with sustaining, long-term control over a system. This power could be abused to hold websites hostage.
It is also possible to abuse the pc in sending spam e-mail, and the program is capable of harvesting passwords and other confidential information. Deadhat is an intelligent software agent, a program
[snip] the really boring part
According to mi2g, DeadHat has encrypted intelligence, waiting to be activated. "This definitely looks like the work of organized crime."
Meanwhile, Doomjuice has come to the surface, another worm which seems to battle for control of the PC.
* Windows2003Keygen.exe
* mIRC.v6.12.Keygen.exe
* Norton.All.Products.KeyMkr.exe
* F-Secure.Antivirus.Keymkr.exe
* FlashFXP.v2.1.FINAL.Crack.exe
* SecureCRTPatch.exe
* TweakXPProKeyGenerator.exe
* FRUITYLOOPS.SPYWIRE.FIX.EXE
* ALL.SERIALS.COLLECTION.2003-2004.EXE
* WinRescue.XP.v1.08.14.exe
* GoldenHawk.CDRWin.v3.9E.Incl.Keygen.exe
* BlindWrite.Suite.v4.5.2.Serial.Generator.exe
* Serv-U.allversions.keymaker.exe
* WinZip.exe
* WinRar.exe
* WinAmp5.Crack.exe
This is also a Social Engineering technique similar to the catchy email sent by other recent worms.
The difference I see is that the filenames are catchier and seem to be targeted towards a more computer-savvy audience. Normal Windows users wouldn't need to look for WinRar.exe and the other security software cracks/etc...but then, they're the ones who opened the MyDoom attachments in the first place.
Get the dumb users with vulnerable PCs through email attachments, and break the more secure computers/users through enticing downloads!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
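The lure technique described in the comment above (executables named after keygens, cracks and well-known tools) can be scored on the gateway or file-share side before a user ever sees the file. The following is an added example, not code from the thread or from any vendor: a small filename classifier that combines an executable extension, a crack/keygen lure term and impersonation of a known tool into a score. `SAMPLE_NAMES` are the filenames quoted in the comment, used here as constructed test input; the `IMPERSONATED` list is an assumption to be tuned per environment.

```python
"""Score download/attachment filenames for the keygen/crack lure pattern so a
mail gateway or share scanner can quarantine or alert on them.
Added example; SAMPLE_NAMES are the lure names quoted in the thread."""
import re
from dataclasses import dataclass, field

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Terms that signal a 'warez' lure; 'patch' is included deliberately and will
# also hit legitimate patch installers, which is why two signals are required.
LURE_TERMS = re.compile(r"key ?gen|keymaker|keymkr|crack|serial|patch|generator", re.I)
# Popular tools a lure may impersonate (assumed list, tune to your environment).
IMPERSONATED = ("winzip", "winrar", "winamp", "mirc", "flashfxp", "norton", "f-secure")

# Constructed test input: the filenames quoted in the comment above.
SAMPLE_NAMES = [
    "Windows2003Keygen.exe", "mIRC.v6.12.Keygen.exe",
    "Norton.All.Products.KeyMkr.exe", "F-Secure.Antivirus.Keymkr.exe",
    "FlashFXP.v2.1.FINAL.Crack.exe", "SecureCRTPatch.exe",
    "TweakXPProKeyGenerator.exe", "FRUITYLOOPS.SPYWIRE.FIX.EXE",
    "ALL.SERIALS.COLLECTION.2003-2004.EXE", "WinRescue.XP.v1.08.14.exe",
    "GoldenHawk.CDRWin.v3.9E.Incl.Keygen.exe",
    "BlindWrite.Suite.v4.5.2.Serial.Generator.exe",
    "Serv-U.allversions.keymaker.exe", "WinZip.exe", "WinRar.exe",
    "WinAmp5.Crack.exe",
]


@dataclass
class Verdict:
    name: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Require two independent signals before bothering an analyst.
        return self.score >= 2


def classify_filename(name: str) -> Verdict:
    """Return a Verdict with one point per lure signal found in the name."""
    v = Verdict(name)
    lower = name.lower()
    stem, dot, tail = lower.rpartition(".")
    ext = "." + tail if dot else ""
    if not dot:
        stem = tail  # no extension at all
    if ext in EXECUTABLE_EXTS:
        v.score += 1
        v.reasons.append("executable extension " + ext)
    if LURE_TERMS.search(stem):
        v.score += 1
        v.reasons.append("crack/keygen lure term")
    for tool in IMPERSONATED:
        if tool in stem:
            v.score += 1
            v.reasons.append("impersonates " + tool)
            break
    return v


def flag_suspicious(names):
    """Names from the input that meet the alert threshold, in input order."""
    return [n for n in names if classify_filename(n).suspicious]


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        v = classify_filename(n)
        print("%-48s score=%d %s" % (n, v.score, "; ".join(v.reasons)))
    print("flagged:", len(flag_suspicious(SAMPLE_NAMES)), "of", len(SAMPLE_NAMES))
```

Run against the quoted list, the heuristic flags 14 of the 16 names; the two misses (`FRUITYLOOPS.SPYWIRE.FIX.EXE` and `WinRescue.XP.v1.08.14.exe`) carry only the executable-extension signal, which is the expected trade-off of demanding two signals to keep false positives on ordinary installers low.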
Whereas the new Welchia/Nachi worm cleans the MyDoom viruses, sets the hosts file back to just 127.0.0.1 localhost, installs a few Microsoft patches, reboots and scans for other MyDoom, MSBlast and Welchia infected machines to clean. It also sets up a web server on the machine serving a webpage with a cryptic message about various Japanese and Korean massacres. It then disables itself on June 1, 2004, or after running 180 days, whichever comes first.
I don't normally like any Windows virus, but I have a tough time not liking this one.
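One of the repair steps listed above, resetting the hosts file to just `127.0.0.1 localhost`, points at a check an administrator can run without waiting for a worm to do it: audit the hosts file for vendor or update sites that have been blackholed to loopback or redirected elsewhere. The following is an added example, not code from Welchia/Nachi or from any vendor; the `WATCHED` substrings and `SAMPLE_HOSTS` are constructed, and the `192.0.2.10` address is a documentation-range placeholder standing in for an unknown redirect target.

```python
"""Audit a hosts file for tampering: security-vendor and update hostnames
pointed at loopback/0.0.0.0 (blackholed) or at another address (redirected).
Added example; watch list and sample file are constructed."""
import ipaddress

# Mappings every hosts file legitimately carries.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Substrings of vendor/update hostnames worth alerting on (assumed list;
# extend with the sites your own AV and patch tooling talks to).
WATCHED = ("windowsupdate", "microsoft.com", "symantec", "norton", "mcafee", "f-secure")

# Constructed sample: two legitimate lines, one internal alias, four tampered
# lines, one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example.corp      # legitimate internal alias
127.0.0.1       www.symantec.com           # blackholed
127.0.0.1       windowsupdate.microsoft.com
0.0.0.0         download.mcafee.com
192.0.2.10      liveupdate.symantec.com    # redirected (placeholder address)
not-an-ip       garbage
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every valid mapping. Comments and
    malformed lines are skipped; several names on one line are expanded."""
    out = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalises e.g. ::0001
        except ValueError:
            continue  # not a hosts mapping at all
        for name in fields[1:]:
            out.append((line_no, ip, name.lower()))
    return out


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each suspicious mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in BASELINE:
            continue
        addr = ipaddress.ip_address(ip)
        blackholed = addr.is_loopback or addr.is_unspecified
        watched = any(w in name for w in WATCHED)
        if watched:
            reason = "security/update site " + ("blackholed" if blackholed else "redirected")
        elif blackholed:
            reason = "non-localhost name mapped to loopback/unspecified"
        else:
            continue  # ordinary alias, e.g. an internal server
        findings.append((line_no, name, ip, reason))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % f)
```

On a live system, feed it the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a non-empty result on a machine that never had a deliberate blackhole list is a stronger indicator of compromise than a missed antivirus update alone, because the update client will typically fail silently.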
But why is the rum gone?
MyDoom: "Who are you?"
DoomJuice: "I'm your Grim Reaper."
MyDoom: "Like hell you are. This is my machine, punk."
DoomJuice: "Prepare to meet thy maker (wink wink)."
MyDoom: "Over my dead process."
DoomJuice: "Look, a little old lady on a Windows 98 machine!"
MyDoom: (turns) "Who? Where?"
DoomJuice: "Your Mom." *BONK* "Muhahahaha! Mine, the world is mine!"
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
These people STILL infected with MyDoom don't know the first thing about computer security. They would be MUCH MUCH better off with a Mac than with Windows. All they probably do anyway is chat with their little friends on AIM and check their webmail.
And that's great, until Macintoshes become popular enough for viruses to be written for them (at which point it's going to be a massacre). A guy I work with owns a Macintosh, and he brags about how he doesn't need to run any antivirus program and how he can open all attachments. If a virus like MyDoom was created for the Macintosh, how much do you want to bet my coworker (and people like him) would get infected right away, because they aren't using common sense? Windows may be buggy, and Windows may have a lot of security holes, but in this case, MyDoom does not take advantage of any of them; MyDoom takes advantage of the traditional weakest link in any security system, people.
- Food is computing power, which it steals.
- Prey are vulnerable computers, with computing power unprotected.
- Predators are virus scanning and eradication software.
- Reproduction is checked only by environmental factors.
- Evolution has developed two clear attributes: transport and payload.
It will be very interesting to watch this area develop, especially considering its place in society. It's incredible that not only have software companies been given virtual total immunity from the financial impact of their defective products, but that they have convinced the right parties that people who expose their defects are criminals. Truly incredible.