A new worm, named Doomjuice and MyDoom.C by various AV vendors, was identified. It spreads by exploiting the backdoor left by MyDoom.A and MyDoom.B. After infecting a system, it leaves a copy of the Mydoom.A source in a file named 'sync-src-1.00.tbz'. Doomjuice is also set to perform a DDOS against www.microsoft.com.
More information and removal instructions are available at:
Port 445 and 139
A sharp increase in the number of connections to ports 445 and 139 has been reported. The source of these has yet to be determined.
MyDoom Hype Fueled By Antivirus Software Vendors
Computerworld has a good article regarding the media hype that has been generated around the MyDoom worms. MyDoom is credited as the fastest spreading worms in history, but has not caused nearly the disruptions of Slammer and Blaster. Article is here:
Handler on Duty: Dave Brookshire
Feb 10th 2004
1 decade ago