
SANS ISC: MyDoom.A Timeline, MyDoom.B DDoS a Non-Event SANS ISC InfoSec Forums

Not a whole lot of stuff going on today... MyDoom.A is still filling in-boxes, while MyDoom.B, which was initially greeted with dire predictions, seems to have been a dud.

If you're involved in the cleanup of an infected system, it is important to remember that beyond simply spamming the world, MyDoom.A opens a backdoor starting at port 3127 TCP. Any infected system directly connected to the Internet could have been further compromised and should seriously be considered as a candidate for a complete reinstall.
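A triage check for the backdoor described above, as an added example that is not part of the original diary: it reads Windows `netstat -ano` output and reports listeners in the backdoor port range together with any remote peers connected to them. The upper bound 3198, the function name and the sample output are assumptions; the page only says the backdoor starts at port 3127.

```python
import re

# 3127 is the first backdoor port named on the page. The upper bound 3198 is
# an assumption taken from public antivirus write-ups, not from this page.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of Windows `netstat -ano` output (documentation addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1412
  TCP    192.0.2.10:1045        198.51.100.7:25        ESTABLISHED     1412
  TCP    192.0.2.10:3127        203.0.113.50:4411      ESTABLISHED     1412
  TCP    192.0.2.10:3150        198.51.100.9:80        ESTABLISHED     3004
  TCP    [::]:3130              [::]:0                 LISTENING       2020
  UDP    0.0.0.0:3127           *:*                                    900
"""

TCP_LINE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")


def triage_backdoor_ports(netstat_text, ports=BACKDOOR_PORTS):
    """Return listeners in the backdoor range and remote peers connected to them."""
    rows = []
    for line in netstat_text.splitlines():
        m = TCP_LINE.match(line)
        if m:
            _, lport, rip, _, state, pid = m.groups()
            rows.append((int(lport), rip, state, int(pid)))
    listeners = sorted({(lp, pid) for lp, _, st, pid in rows
                        if st == "LISTENING" and lp in ports})
    open_ports = {lp for lp, _ in listeners}
    # An ESTABLISHED row only counts when its local port is also a listener;
    # otherwise it is an outbound connection that drew an ephemeral port in range.
    sessions = sorted((rip, lp, pid) for lp, rip, st, pid in rows
                      if st == "ESTABLISHED" and lp in open_ports)
    return {"listeners": listeners, "sessions": sessions}


if __name__ == "__main__":
    report = triage_backdoor_ports(SAMPLE_NETSTAT)
    for port, pid in report["listeners"]:
        print(f"listener on TCP {port} (PID {pid})")
    for peer, port, pid in report["sessions"]:
        print(f"remote peer {peer} connected to TCP {port} (PID {pid})")
```

A non-empty `sessions` list means someone has already reached the backdoor, which is the case where the diary's reinstall advice applies most directly.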

MyDoom.A Timeline

Panda Software has published a MyDoom.A timeline which can be found at:

While we have heard many theories about possible mechanisms behind the rapid spread of MyDoom, examination of compromised machines and the code itself does not indicate a cause beyond the simple fact that even in today's Internet-aware world, people still execute attachments. User education needs to become a priority.

MyDoom.B DDoS a Non-Event

The February 3rd deadline for the MyDoom.B virus DDoS against passed without having any effect on the availability of Microsoft's website. The website of The SCO Group, apparently the target of a DDoS by MyDoom.A, is still unavailable. The "A" record for the "www" server was removed from the "" DNS entry on February 1 in an attempt to mitigate the expected attack.


Handler on Duty: Tom Liston -

Feb 4th 2004
