MyDoom.C Slams Into Microsoft.com

A new version of the MyDoom worm appears to be circulating on the Internet and may be responsible for some disruptions to Microsoft Corp.’s Web site Sunday night and Monday morning, researchers said. When it’s executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine’s Windows directory under the file name “intrenat.exe” and also creates a file named “sync-src-1.00.tbz” in several locations. But unlike the two previous versions of MyDoom, this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., based in Reston, Va. The worm’s code is not encrypted, but it contains all of the source code for MyDoom.A.

OODA Analyst

OODA comprises a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.