New threat from MyDoom attacks

Users who haven’t cleaned the MyDoom virus off their machines face a new threat, security firms are warning this week.

  • E-Mail
By  Peter Branton Published  February 10, 2004

Users who haven’t cleaned the MyDoom virus off their machines face a new threat, security firms are warning this week. While Mydoom.A and its less widespread variant MyDoom.B are both programmed to “self-terminate” on Thursday, yet another variant, dubbed Doomjuice or more simply MyDoom.C is now on the loose. Unlike the earlier viruses, Doomjuice has no self-termination date, nor does it spread by e-mail. It relies instead on scanning networks for computers infected with the earlier viruses and enters via a TCP port opened by them. Estimates as to the number of machines still infected with the first My.Doom varies from anywhere between 50,000 and half a million. Like MyDoom.B, the latest worm launches a denial-of-service attack on Microsoft’s corporate web site. MyDoom.A launched such a powerful attack on original target SCO’s web site the company was forced to remove it from the domain name service. The emergence of Doomjuice follows a warning from analyst firm Garter last week that users shouldn’t wait until the February 12 termination date to remove MyDoom. “These attacks will likely continue after February 12 and the threat will not end until the MyDoom executable has been removed from all machines,” the company said in an advisory on its web site. While some security firms believe larger businesses have already cleaned their systems up, it is likely that small firms and home users will lag behind. Last year’s MSBlast worm was still lingering several months after its original appearance, Microsoft warned.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code