DoomJuice Attacks -- Latest MyDoom "Variant"
Hitting a week after the MyDoom.A Virus attacked The Santa Cruz Operation
, the latest in
the MyDoom family is moving into full swing. Suspected of being
authored by the same programmer as the MyDoom Viruses, DoomJuice uses
back doors which have been installed on MyDoom infected machines.
Unlike the MyDoom.A and MyDoom.B variants, DoomJuice does not rely on
e-mail attachments to infect systems. DoomJuice is a worm which looks
for infected systems and then uses the MyDoom backdoors on those
systems to help infect other systems.
Once infected, compromised systems launch attacks against both Microsoft and SCO. Although
Microsoft has been able to easily weather the attacks presented by the
MyDoom.B Virus, it has had problems with DoomJuice. Over this past
weekend, the Microsoft exhibited unusual slowness and was, at times,
DoomJuice is not expected to be as great a problem as the MyDoom
Viruses as it can only spread if it is able to find previously
infected machines. In order to find those machines, DoomJuice scans
random machines on the Internet to see if they are infected. Only
upon finding an infected machine can it spread.
It is estimated that 30,000 machines were infected with this worm
during the first 48 hours of it being discovered. After February 12th
its attempts to attack the Microsoft and SCO web sites are programmed
What to Do