Screw Shield Gun, Bring Up Your Firewall

Posted: Tue Feb 10, 2004 1:37 am

Yup folks, it's time again for another round of the beloved MyDoom virus, now in it's .C variation, this one doesn't even require Outlook or Outlook Express to transmit itself! To quote from the Eweek article which covers the release:
When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory under the file name "intrenat.exe" and also creates a file named "sync-src-1.00.tbz" in several locations.

But unlike the two previous versions of MyDoom, this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., based in Reston, Va. The worm's code is not encrypted, but it contains all of the source code for MyDoom.A.Fun fun fun, time to update those virus definitions and bring up those firewalls people. Gosh it's a great time to be on the Internet.

Posted: Tue Feb 10, 2004 1:51 am

dear god not another varitation. Good post peoii Wink

Posted: Tue Feb 10, 2004 2:42 am

It only can infect machines that are already infected with MyDoom.
Not too scarry.

Posted: Tue Feb 10, 2004 3:36 am

Or that run Windows. Break out the Linux or Mac version of UT, kids! Wink

Posted: Tue Feb 10, 2004 4:05 am

does it do much harm? doesn't it just use your machine to attack Microsoft? or am I just hallucinating?

Ultimate Fanboy Joined: 18 May 2003 Posts: 508

Mydoom.a doesn't necessarily need Outlook or Outlook Express. It has the capabilities of using it's own SMTP engine. I've also noticed that it doesn't need an address book to feed it. It will scan your temporary internet files, and make up addresses, such as dave@unrealops.com.

And since people don't clear their internet files, nor protect their machines, anyone with a catch-all address to a popular domain will get blasted away with emails.

Guest

internat.exe is also a "normal" file http://www.liutilities.com/products/wintaskspro/processlibrary/internat/

Posted: Tue Feb 10, 2004 8:58 am

Windows really has nothing to do with it... it's more about people's stupid ablity to open executeable files and run them without any idea what they are doing. Heavy user intervention is required.

Linux or Mac has simply the same fault. If I send you a bogus executeable and you run it, who knows what it is going to do!

Guest

Nope, this is a windows only thing, that only infects Windows PC's that already have the myDoom virus. It launches DoS attacks on microsoft.com, which may be why my MSN messenger wouldn't log on yesterday night Sad

http://news.bbc.co.uk/1/hi/technology/3475235.stm

Posted: Tue Feb 10, 2004 10:17 am

i wonder if that's the culprit for all the messages that i have been getting in my inbox titled "hi" and "hello".....

i hope not even tho i delete all those messages before i read them because i dont know who they are (and because they have an EXE as an attachment, eventho it says it's a unicode attachment)

Posted: Tue Feb 10, 2004 9:25 pm

I would be glad to have the wirus if it only attacks Microsoft

Posted: Tue Feb 10, 2004 9:49 pm

A bit of voiced detest Wink

I'm botherd they don't have a simple way to remove it yet; at leas that I know about.

Zen