Virus writers are exploiting machines infected by MyDoom-A to launch a denial of service attacks on Microsoft with the release of yet another Net worm. The Doomjuice worm, discovered yesterday, uses the back door installed by Mydoom-A to spread. Doomjuice does not propagate using email. Doomjuice (AKA MyDoom-C) scans random IP addresses to locate machines with the MyDoom-A backdoor (TCP port 3127) open. Using this technique it infects vulnerable machines that then becomes doubly infected. Zombie machines infected by MyDoom-C become part of a DDoS attack against Microsoft.com – explained in greater depth here. Doomjuice – unlike MyDoom-A – is not programmed to attack www.sco.com. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.