New MyDoom version begins rampage

A new version of the MyDoom virus is spreading in the wild, according to security consultancy iDefense Inc.

The new worm, MyDoom.c or DoomJuice, spreads over network connections to an open port on computers already infected by earlier versions of the worm. It appears to correct a coding error in the last version of the worm and launch an attack against Microsoft Corp.'s Web site, said Ken Dunham, director of malicious code for iDefense of Reston, Va.

'MyDoom.c is now launching a distributed denial-of-service attack against microsoft.com,' Dunham said. 'If it becomes widespread, microsoft.com will likely become unavailable.'

MyDoom appeared last month. Spreading by e-mail, it quickly infected 800,000 computers worldwide. It mass-mailed itself to new targets, launched a denial-of-service attack against SCO Group Inc. of Lindon, Utah, and installed a back door in infected computers, opening TCP Port 3127.

A subsequent version, MyDoom.b, appeared within two days, programmed to launch an attack against Microsoft, but it did not gain the ground of its parent and had no serious impact on Microsoft's site. The code in the two initial versions of the worm appears to cease attacks on Feb. 12, although if their penetration goes unnoticed, they leave Port 3127 open to other attacks.

The latest version spreads to computers listening on Port 3127. Once inside, Version C executes, creates a copy of itself in the Windows System directory and begins scanning for new targets.

'The source code for MyDoom.a is copied to the local drive when MyDoom.c is executed,' Dunham said. 'This will undoubtedly encourage new MyDoom-like worms to emerge in the future.'

Analysis of the worm is continuing, but the new version appears to include source code from MyDoom.a, fixes a buggy date comparison problem for MyDoom worms, does not have a back-door component and has no kill date, Dunham said.

The worm could mark a trend for the coming year.

'Get ready for noisy e-mail worms in 2004,' he said. 'We are going to see a lot more of MyDoom and similar worms that generate a high volume of e-mail and disrupt the Net at large.'

About the Author

William Jackson is a Maryland-based freelance writer.
