Users are still dealing with inboxes crammed with copies of the Mydoom worm, but the greater danger lies in the ports the worm leaves exposed once a system is infected, experts said. Hackers are scanning for the ports opened by Mydoom and would be able to upload any kind of executable code to infected systems, said Ken Dunham, director of malicious code at Reston, Va.-based iDefense Inc. “All it takes is sending the right syntax and data to TCP ports [to exploit them],” he said. The worm opens ports 3127 to 3198 on infected machines. Dunham suspects that future variants may include some sort of authentication for the ports, so that only the worm writer could access them. Or the creator may have a better verification system, so he knows when machines are infected — so the worm can go and compromise the ports.
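A defender can check a Windows host for listeners in the range named above. The following is an added example, not part of the original article: it parses `netstat -ano` output and reports TCP sockets in the LISTENING state on ports 3127 to 3198. The sample output, addresses, and PIDs are constructed, and the function names are hypothetical.

```python
"""Flag TCP listeners in the port range the article attributes to Mydoom."""
import re

MYDOOM_PORTS = range(3127, 3199)  # 3127..3198 inclusive, per the article

# Data rows of Windows `netstat -ano`: proto, local, foreign, state, PID.
# UDP rows carry no state column, so they never match.
ROW = re.compile(
    r"^\s*(?P<proto>TCP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

def local_port(addr):
    """Return the port from '0.0.0.0:3127' or '[::]:3127'."""
    return int(addr.rsplit(":", 1)[1])

def find_suspect_listeners(netstat_text):
    """Return sorted (port, pid, local_address) for in-range LISTENING sockets."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Only listeners count: an outbound connection can use an ephemeral
        # source port inside the range without any port being open.
        if not m or m["state"] != "LISTENING":
            continue
        port = local_port(m["local"])
        if port in MYDOOM_PORTS:
            hits.add((port, int(m["pid"]), m["local"]))
    return sorted(hits)

# Constructed sample output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2212
  TCP    [::]:3198              [::]:0                 LISTENING       2212
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       1500
  TCP    192.0.2.10:49733       198.51.100.7:3128      ESTABLISHED     3040
  TCP    192.0.2.10:3150        198.51.100.9:443       ESTABLISHED     3040
  UDP    0.0.0.0:3130           *:*                                    960
"""

if __name__ == "__main__":
    for port, pid, addr in find_suspect_listeners(SAMPLE):
        print(f"listener on {addr} (port {port}) owned by PID {pid}")
```

A hit is a lead rather than a verdict: map the reported PID to its process image before concluding the host is infected, since legitimate software can also listen in this range.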