New MyDoom version begins rampage

A new version of the MyDoom virus is spreading in the wild, according to security consultancy iDefense Inc.

The new worm, MyDoom.c or DoomJuice, spreads over network connections to an open port on computers already infected by earlier versions of the worm. It appears to correct a coding error in the last version of the worm and launch an attack against Microsoft Corp.'s Web site, said Ken Dunham, director of malicious code for iDefense of Reston, Va.

'MyDoom.c is now launching a distributed denial-of-service attack against microsoft.com,' Dunham said. 'If it becomes widespread, microsoft.com will likely become unavailable.'

MyDoom appeared last month. Spreading by e-mail, it quickly infected 800,000 computers worldwide. It mass-mailed itself to new targets, launched a denial-of-service attack against SCO Group Inc. of Lindon, Utah, and installed a back door in infected computers, opening TCP Port 3127.

A subsequent version, MyDoom.b, appeared within two days, programmed to launch an attack against Microsoft, but it did not gain the ground of its parent and had no serious impact on Microsoft's site. The code in the two initial versions of the worm appears to cease attacks on Feb. 12, although if their penetration goes unnoticed, they leave Port 3127 open to other attacks.

The latest version spreads to computers listening on Port 3127. Once inside, Version C executes, creates a copy of itself in the Windows System directory and begins scanning for new targets.

'The source code for MyDoom.a is copied to the local drive when MyDoom.c is executed,' Dunham said. 'This will undoubtedly encourage new MyDoom-like worms to emerge in the future.'

Analysis of the worm is continuing, but the new version appears to include source code from MyDoom.a, fix a buggy date comparison problem for MyDoom worms, lack a back-door component and have no kill date, Dunham said.

The worm could mark a trend for the coming year.

'Get ready for noisy e-mail worms in 2004,' he said. 'We are going to see a lot more of MyDoom and similar worms that generate a high volume of e-mail and disrupt the Net at large.'

About the Author

William Jackson is a Maryland-based freelance writer.
