

MyDoom virus reappears as a new version


February 10, 2004

The MyDoom.C virus is a modified copy of the virus that ravaged the Internet in January. Internet security companies said Monday that they discovered a new version of the MyDoom e-mail worm circulating on the Internet.

Unlike its predecessor, however, the new variant does not use e-mail or the Kazaa peer-to-peer network to spread and is not expected to make much of an impact on the Internet, said managed security services provider LURHQ Corp.

MyDoom.C both refines and tames the earlier version of the virus, known as MyDoom.A.

Among other changes, the new virus fixes problems with the original MyDoom e-mail worm, including errors in the worm's code that made it impossible for many MyDoom-infected machines to launch a programmed denial of service (DoS) attack against The SCO Group Inc.'s Web site, www.sco.com. Gone also is the expiration date that told machines infected with the original MyDoom virus to stop their DoS attack on February 12, 2004, LURHQ said.

Also, instead of depositing a file that opens a backdoor on infected machines, the new virus distributes a compressed archive of the worm's original source code, the company said.

However, the MyDoom.C author also removed many of the most dangerous features of the original virus, including the highly efficient SMTP engine that enabled infected machines to spew out e-mail messages containing the virus. That component made the original MyDoom worm the fastest spreading e-mail worm in history, easily defeating Sobig-F, the previous record holder, according to antivirus software companies, the company said.

Instead, MyDoom.C seeks out and infects machines that are already infected with the original MyDoom virus by searching for machines that are listening on port 3127, a telltale sign of MyDoom infection, said security company iDefense Inc. in a security alert.

That approach will give MyDoom.C a solid base of as many as 500,000 machines, but will keep MyDoom.C from spreading much beyond the community of already-infected machines, LURHQ and iDefense said.
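A defender-side check for the indicator described above, added here as an example and not part of the original article: it looks for a local listener on TCP port 3127 in `netstat -an` style output and for outside sources probing that port across several hosts in firewall logs. The log formats, the sample lines and the three-host threshold are constructed assumptions.

```python
import re
from collections import defaultdict

MYDOOM_PORT = 3127  # port the article names as the telltale sign of MyDoom infection

# Constructed `netstat -an` style output (sample data, not from the article).
NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:3127     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042    10.0.0.9:3127    ESTABLISHED
  TCP    0.0.0.0:31270    0.0.0.0:0        LISTENING
"""

# Constructed firewall log; assumed format: "<time> <action> TCP <src>:<sport> -> <dst>:<dport>"
FIREWALL_SAMPLE = """\
12:00:01 DENY TCP 192.0.2.7:4001 -> 10.0.0.5:3127
12:00:01 DENY TCP 192.0.2.7:4002 -> 10.0.0.6:3127
12:00:02 DENY TCP 192.0.2.7:4003 -> 10.0.0.7:3127
12:00:05 ALLOW TCP 10.0.0.8:1500 -> 198.51.100.3:80
12:00:09 DENY TCP 203.0.113.4:2200 -> 10.0.0.5:3127
"""

FW_RE = re.compile(r"TCP (\S+):\d+ -> (\S+):(\d+)$")


def listening_on_port(netstat_text, port=MYDOOM_PORT):
    """Return True if a TCP socket is in LISTENING state on exactly `port`."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # Compare the whole local port so 31270 does not match 3127.
            if fields[1].rsplit(":", 1)[-1] == str(port):
                return True
    return False


def sweep_sources(log_text, port=MYDOOM_PORT, min_targets=3):
    """Return {source: [hosts]} for sources that probed `port` on >= min_targets hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = FW_RE.search(line.strip())
        if m and int(m.group(3)) == port:
            targets[m.group(1)].add(m.group(2))
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    print("local listener on 3127:", listening_on_port(NETSTAT_SAMPLE))
    print("sources sweeping 3127:", sweep_sources(FIREWALL_SAMPLE))
```

A host that shows a listener on 3127 is a candidate for cleanup, and a source that appears in the sweep result is behaving the way the article describes MyDoom.C locating its targets.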

The MyDoom.C author also removed a Trojan horse "backdoor," but included a copy of the worm's source code, which is deposited on machines infected with the new variant, the companies said.

Unlike the first MyDoom virus, MyDoom.C takes its sights off of The SCO Group Web site, but continues an attack on Microsoft Corp.'s Web site that was introduced by the MyDoom.B variant, LURHQ and iDefense said.

If started on or between February 8, 2004 and February 12, MyDoom.C-infected machines will launch randomly timed DoS attacks against Microsoft.com. Machines started after February 12 will launch constant attacks against the Redmond, Wash., company's Web page, LURHQ said.

An analysis of the worm's code also uncovered an IP (Internet Protocol) address linked to www.ford.com, the Web page of Ford Motor Co. However, it is not clear whether the worm targets Ford, iDefense said.

The lack of aggressive spreading features, a staple of most e-mail worms, and the inclusion of the MyDoom.A source code may mean that the MyDoom author is closing shop and handing off his creation to other virus writers to refine, LURHQ said.

Source: IT World


Copyright © Internet Security.ca 2003