Handler on Duty: Xavier Mertens
Threat Level: green
| Submitted By | Date | Comment |
|---|---|---|
| | 2009-10-04 18:45:22 | The overwhelming majority of hits I've seen are Doomjuice.A & B. Nachi and Vesser have been very rare. I've also been sent "Phatbot3" which is probably a modified version of Argobot. |
| Karma | 2009-10-04 18:45:22 | Although MyDoom may listen on 3127, this activity is probably that of DoomJuice or Nachi.B/C variants "looking" for MyDoom backdoors. |
| K-OTik.COM (TechNet) | 2009-10-04 18:45:22 | As you know MyDoom.A machines are exploited by MyDoom.C and Vesser - There is a faster and more dangerous worm exploiting these machines: his name is "kiddies"!! so here is one of the codes used by kiddies to exploit Mydoom.A machines (many other codes in the wild) http://www.securityfocus.com/archive/1/353325 http://www.k-otik.com |
| Brian Porter | 2004-02-10 19:50:07 | MyDoom.C / Doomjuice http://www.lurhq.com/mydoom-c.html http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101002 http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html http://www.f-secure.com/v-descs/doomjuice.shtml http://www.viruslist.com/eng/alert.html?id=930701 |
| | 2004-02-06 22:18:53 | The Win32.Mydoom computer-virus opens and listens to the TCP port 3127, (if this port is already in use, the worm tries the next one free from the range 3128-3199). The backdoor appears to have two main functions: execution of remotely-supplied code, and port forwarding. Reference: http://www3.ca.com/virusinfo/virus.aspx?ID=38102 |
| sfuechsli | 2004-01-27 18:14:12 | WORM_MIMAIL.R (Aliases: W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm) |
CVE # | Description |
---|---|