Tuesday, February 10, 2004

Chicago Tribune | 'Mydoom' Creators Start Up 'Doomjuice':
"Finnish computer security experts warned Tuesday of a new worm, known as 'Doomjuice,' that is expected to attack computers infected by 'Mydoom,' despite the fact it's programmed to stop spreading later this week.

The virus, first detected by F-Secure on Monday night, has so far infected at least 30,000 computers worldwide since it was activated Sunday, said the company's director of antivirus research, Mikko Hypponen."

Like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Corp.'s Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world.

"Unlike Mydoom, it does not spread via e-mail. It comes through a backdoor left open by Mydoom," Hypponen told The Associated Press. "People won't even realize their computers are being attacked, and then they'll have both Mydoom and Doomjuice in their computers."

Doomjuice drops the original source code of the Mydoom.A worm in an archive to folders on infected computers.

"This proves to us that Doomjuice and Mydoom.A are written by the same people," Hypponen said. "The source code of Mydoom.A has not been seen circulating in the underground before."

Doomjuice's ability to spread is limited because it will only attack computers infected by Mydoom, Hypponen said. "And lots of them are being cleaned up already at a quick rate."

But, he warned, unlike Mydoom, which is programmed to stop spreading on Feb. 12, Doomjuice could run forever. "At least until all computers everywhere infected by both worms have been cleaned up, and that could be years," Hypponen said.

F-Secure said it is difficult to fully assess how destructive Doomjuice has been so far, but that one sensor monitoring a fifth of the world's Internet traffic Monday found 30,000 hits.

So far, www.microsoft.com, one of the largest web sites in the world, appears to be operational, but F-Secure had noticed a disruption in service on Monday.

F-Secure: http://F-Secure.com/

http://www.chicagotribune.com/technology/sns-ap-finland-doomjuice-worm.story
