New MyDoom version begins rampage

A new version of the MyDoom virus is spreading in the wild, according to security consultancy iDefense Inc.

The new worm, MyDoom.c or DoomJuice, spreads over network connections to an open port on computers already infected by earlier versions of the worm. It appears to correct a coding error in the last version of the worm and launch an attack against Microsoft Corp.'s Web site, said Ken Dunham, director of malicious code for iDefense of Reston, Va.

'MyDoom.c is now launching a distributed denial-of-service attack against,' Dunham said. 'If it becomes widespread, will likely become unavailable.'

MyDoom appeared last month. Spreading by e-mail, it quickly infected 800,000 computers worldwide. It mass-mailed itself to new targets, launched a denial-of-service attack against SCO Group Inc. of Lindon, Utah, and installed a back door in infected computers, opening TCP Port 3127.

A subsequent version, MyDoom.b, appeared within two days programmed to launch an attack against Microsoft but did not gain the ground of its parent and had no serious impact on Microsoft's site. The code in the two initial versions of the worm appears to cease attacks on Feb. 12, although if their penetration goes unnoticed, they leave Port 3127 open to other attacks.

The latest version spreads to computers listening on Port 3127. Once inside, Version C executes, creating a copy of itself in the Windows System directory and begins scanning for new targets.

'The source code for MyDoom.a is copied to the local drive when MyDoom.c is executed,' Dunham said. 'This will undoubtedly encourage new MyDoom-like worms to emerge in the future.'

Analysis of the worm is continuing, but the new version appears to include source code from MyDoom.a, fixes a buggy date comparison problem for MyDoom worms, does not have a back-door component and has no kill date, Dunham said.

The worm could mark a trend for the coming year.

'Get ready for noisy e-mail worms in 2004,' he said. 'We are going to see a lot more of MyDoom and similar worms that generate a high volume of e-mail and disrupt the Net at large.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected