According to anti-virus software vendors, the new program is designed to sniff port 3127, which MyDoom.A and B left open as a backdoor, on random IP addresses. It then transmits itself to the infected machine, upgrading the infection to the C variant.

The worm is unusual in that it does not try to infect new PCs. Its purpose seems to be to upgrade the zombie network left by the first two variants – estimated as big as 800,000 PCs – to give it a better chance of knocking microsoft.com off the web.
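For network defenders, the behavior described above leaves two visible traces: an internal host contacting TCP port 3127 on many unrelated addresses, and an internal host accepting a connection on that port. The following is an added example, not part of the original article; the log format, the 10.0.0.0/8 internal range, the threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

BACKDOOR_PORT = 3127  # TCP port the article says MyDoom.A and B left open
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample flow records: "time src dst dst_port verdict"
SAMPLE_LOG = """\
2004-02-09T10:00:01 10.0.5.23 198.51.100.7 3127 DENY
2004-02-09T10:00:01 10.0.5.23 203.0.113.90 3127 DENY
2004-02-09T10:00:02 10.0.5.23 192.0.2.14 3127 DENY
2004-02-09T10:00:02 10.0.5.23 198.51.100.201 3127 DENY
2004-02-09T10:00:03 10.0.7.4 192.0.2.80 80 ALLOW
2004-02-09T10:00:04 203.0.113.5 10.0.9.77 3127 ALLOW
2004-02-09T10:00:05 10.0.7.4 10.0.9.12 3127 DENY
garbage line that should be skipped
"""

def parse_flows(text):
    """Yield (src, dst, port, verdict) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                   int(parts[3]), parts[4])
        except ValueError:
            continue

def analyze(text, min_targets=3):
    """Return (scanners, exposed): internal hosts probing the port on many
    distinct addresses, and internal hosts that accepted a connection on it."""
    targets = defaultdict(set)
    exposed = set()
    for src, dst, port, verdict in parse_flows(text):
        if port != BACKDOOR_PORT:
            continue
        if src in INTERNAL:
            targets[src].add(dst)  # count distinct destinations per source
        if dst in INTERNAL and verdict == "ALLOW":
            exposed.add(str(dst))  # backdoor port was reachable on this host
    scanners = {str(h): len(t) for h, t in targets.items() if len(t) >= min_targets}
    return scanners, exposed

if __name__ == "__main__":
    scanners, exposed = analyze(SAMPLE_LOG)
    print("possible scanning hosts:", scanners)
    print("hosts reachable on 3127:", sorted(exposed))
```

A host in the first set is a candidate for an existing infection that is now scanning; a host in the second set should be checked for the A or B backdoor.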

MyDoom.C fixes bugs in the B variant that prevented the Microsoft DDoS attack from being as successful as it could have been, and changes the behavior of the A variant, which was designed to attack www.sco.com, but not Microsoft.

According to Trend Micro Inc, the latest worm will continue to attack Microsoft, by sending endless streams of HTTP GET commands, after February 12, the date that the first two variants were set to terminate.

Whether the virus is technically a variant of MyDoom is debatable, as it lacks key components of the original, such as the mass-mailing delivery mechanism. Many vendors referred to it as DoomJuice instead.

One security company, Mi2g Ltd, reported that Microsoft’s site was intermittently inaccessible from various parts of the internet over the weekend, and later said this could have been due to MyDoom.

Microsoft, however, said its systems were not seeing any impact from the attack. All Microsoft.com web properties are stable and available to customers, a spokesperson said in a prepared statement.

While nobody knows for sure how large the MyDoom zombie network is, it was large enough to generate sufficient traffic to successfully push www.sco.com, the web site of The SCO Group Inc, off the web on February 1.

Both Microsoft and SCO are separately offering rewards of $250,000 to whoever provides information leading to the arrest and conviction of the A and B variant authors. People with information are encouraged to contact the FBI or Interpol.

This article is based on material originally published by ComputerWire.