DoomJuice Attacks -- Latest MyDoom "Variant"

Arriving a week after the MyDoom.A virus attacked
The Santa Cruz Operation, the latest member of
the MyDoom family is moving into full swing. Suspected of being
written by the same programmer as the MyDoom viruses, DoomJuice uses
the back doors that MyDoom installed on the machines it infected.
Unlike the MyDoom.A and MyDoom.B variants, DoomJuice does not rely on
e-mail attachments to infect systems. DoomJuice is a worm which looks
for infected systems and then uses the MyDoom backdoors on those
systems to help infect other systems.

Once compromised, systems launch attacks against both Microsoft and SCO. Although
Microsoft has been able to easily weather the attacks presented by the
MyDoom.B virus, it has had problems with DoomJuice. Over this past
weekend, the Microsoft web site exhibited unusual slowness and was, at times,
unavailable.

DoomJuice is not expected to be as great a problem as the MyDoom
viruses, because it can spread only if it is able to find previously
infected machines. To find those machines, DoomJuice scans
random machines on the Internet to see if they are infected. Only
upon finding an infected machine can it spread.
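
The scanning described above leaves a recognizable trace in firewall logs. The following detection example is added here and is not part of the original article; the log format, the sample lines and the name `analyze` are constructed, and the port numbers (MyDoom.A backdoor on TCP 3127-3198, DoomJuice probing TCP 3127) are an assumption that the article itself does not state.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption (not stated in the article): the MyDoom.A backdoor listens on
# TCP 3127-3198, and DoomJuice probes TCP 3127.
BACKDOOR_PORTS = range(3127, 3199)
PROBE_PORT = 3127

# Hypothetical log format: "<time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) TCP (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2004-02-10T03:14:01 DENY TCP 192.0.2.10:1042 -> 198.51.100.7:3127
2004-02-10T03:14:01 DENY TCP 192.0.2.10:1043 -> 203.0.113.80:3127
2004-02-10T03:14:02 DENY TCP 192.0.2.10:1044 -> 198.51.100.200:3127
2004-02-10T03:14:05 ALLOW TCP 192.0.2.11:2210 -> 198.51.100.7:80
2004-02-10T03:15:40 ALLOW TCP 203.0.113.5:4001 -> 192.0.2.23:3127
2004-02-10T03:15:41 DENY TCP 203.0.113.5:4002 -> 192.0.2.24:3127
malformed line that the parser must skip
"""

def analyze(log_text, internal_net="192.0.2.0/24", min_targets=3):
    """Return (scanners, exposed): internal hosts probing many addresses on
    the probe port, and internal hosts that accepted a backdoor-port connection."""
    net = ipaddress.ip_network(internal_net)
    targets = defaultdict(set)   # internal source -> distinct probed destinations
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _, action, src, _, dst, dport = m.groups()
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
        if src_in and not dst_in and int(dport) == PROBE_PORT:
            targets[src].add(dst)
        if dst_in and not src_in and action == "ALLOW" and int(dport) in BACKDOOR_PORTS:
            exposed.add(dst)
    scanners = {s for s, d in targets.items() if len(d) >= min_targets}
    return sorted(scanners), sorted(exposed)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Hosts in the first list are behaving like a machine that is already scanning for victims; hosts in the second list accepted an outside connection on a backdoor port and should be checked for a MyDoom infection.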

It is estimated that 30,000 machines were infected with this worm
during the first 48 hours after its discovery. After February 12th
its attempts to attack the Microsoft and SCO web sites are programmed
to intensify.
What to Do