Saturday, July 31, 2004

MyDoom Attacks Microsoft.com Through Back Door

MyDoom Attacks Microsoft.com Through Back Door:
"As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com.

MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for further commands. Zindos spreads itself by scanning for machines listening on port 1034. When it finds one, Zindos copies itself to the infected PC and then Zincite executes the copy. "

Analysts at Symantec Corp., based in Cupertino, Calif., said Tuesday that they had discovered a previously unknown function in MyDoom.O that keeps track of every system the worm infects.

After finding this, the analysts went back over the code from MyDoom.L and found that that variant contains the same feature. This led the team to conclude that the worms' author may have used the machines infected by the L variant as a seeding ground for the latest version.

http://www.eweek.com/article2/0,1759,1628180,00.asp
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)