Microsoft.com Is New Target for Network Worm "Double Whammy"
The MyDoom.O attacks on Google, Lycos, Altavista, and Yahoo! may have been just the beginning, say experts.

  • "Google's Down!?!?!?!?" - Google Search Performance Flubbed by MyDoom

    According to the Finnish anti-virus firm F-Secure, yesterday's MyDoom.O (or MyDoom.M) attacks on Google, Yahoo!, Altavista, and Lycos are part of a double whammy involving a new worm called Zindos. And the target of Zindos appears to be the Microsoft.com Web site.

    "Zindos and Mydoom.M work together," F-Secure reports this morning. "Mydoom.M laid out the path by infecting a large number of systems and preparing a list of them. Zindos hitches a ride on the Mydoom highway. It uses the lists and the backdoors, prepared by Mydoom.M, to quickly spread and hit its target, which is www.microsoft.com."

    Zindos first arrives through the MyDoom.M backdoor, F-Secure explains. When uploaded to the victim, the worm file is dropped to the TEMP folder with a random name. The file is added to the registry as either of

     [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Tray" = "%TEMP%\<random_name>.exe"
    

     [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Tray" = "%TEMP%\<random_name>.exe"
    

    To propagate itself, Zindos then uses the list of compromised computers collected by the MyDoom.M backdoor. The worm goes through the list and uploads itself with the corresponding command through the backdoor.
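The Run-key persistence described above (a "Tray" value pointing at an executable in TEMP) can be triaged from saved `reg query` output. The following is an added example, not code from F-Secure or the original article; the four-space value-line layout, the list of temp-directory spellings, and all sample names are assumptions.

```python
import re

# The page names the Run key; matching on the suffix covers any hive.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Assumed `reg query` value-line layout: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")
# Assumed spellings of temp directories (variables, modern, XP-era, 8.3 short names).
TEMP_DIR = re.compile(
    r"(%te?mp%|\\appdata\\local\\temp|\\local settings\\temp|\\locals~1\\temp|\\windows\\temp)\\",
    re.I)

def exe_path(data):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", data, re.I)
    return m.group(1) if m else data

def scan(reg_query_output):
    """List Run-key values whose executable lives under a temp directory."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.upper().endswith(RUN_KEY.upper()):
            continue
        path = exe_path(m["data"])
        if TEMP_DIR.search(path):
            findings.append({"key": key, "value": m["name"], "path": path,
                             "name_matches_report": m["name"].lower() == "tray"})
    return findings

# Constructed sample output; user name, key and file names are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Tray    REG_SZ    C:\DOCUME~1\bob\LOCALS~1\Temp\qxvbnrta.exe
    Updater    REG_SZ    "C:\Users\bob\AppData\Local\Temp\upd.exe" /silent

HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings
    Tray    REG_SZ    %TEMP%\ignored.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any autostart entry that runs from a temp directory deserves a look; the `name_matches_report` flag only marks the value name quoted in the article.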

    The so-called "payload" of Zindos is a Distributed Denial-of-Service routine that downloads http://www.microsoft.com/ in an infinite loop with 50 ms delays. The AP notes, however, that experts do not at present believe such a DDoS attack will "significantly" disrupt the Redmond giant's site performance.
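On the network side, an infected host running this payload shows up as one client fetching the same URL over and over at a short, steady interval. The sketch below is an added example, not part of the original article: it flags that pattern in proxy logs, and the log format (`epoch_ms client method url`), the thresholds, and all sample addresses are assumptions.

```python
from collections import defaultdict
from statistics import median

def find_request_loops(lines, min_requests=20, max_median_gap_ms=500):
    """Flag (client, url) pairs fetched repeatedly at a tight, sustained cadence."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        # Skip anything that is not a well-formed GET record.
        if len(parts) != 4 or parts[2] != "GET" or not parts[0].isdigit():
            continue
        ts_ms, client, _, url = parts
        seen[(client, url.lower().rstrip("/"))].append(int(ts_ms))
    hits = []
    for (client, url), stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few fetches of this URL to call it a loop
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Median resists a few slow responses inside an otherwise steady loop.
        if median(gaps) <= max_median_gap_ms:
            hits.append({"client": client, "url": url,
                         "requests": len(stamps), "median_gap_ms": median(gaps)})
    return hits

def sample_log():
    """Constructed records: one looping host, one page-load burst, one human."""
    t0 = 1_000_000
    # 130 ms apart: the 50 ms delay plus an assumed 80 ms per download.
    loop = [f"{t0 + i * 130} 10.0.0.23 GET http://www.microsoft.com/" for i in range(40)]
    # Fast, but every URL is different, as in a normal page load.
    burst = [f"{t0 + i * 20} 10.0.0.7 GET http://intranet.example/img/{i}.png" for i in range(25)]
    # Same URL as the loop, but only a few visits spread over many seconds.
    human = [f"{t0 + i * 9000} 10.0.0.7 GET http://www.microsoft.com/" for i in range(3)]
    return loop + burst + human

if __name__ == "__main__":
    for hit in find_request_loops(sample_log()):
        print(hit)
```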

  • About Security News Desk
    SYS-CON's Security News Desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals, and summarizes it for easy assimilation by busy IT managers and staff.


    Reader Feedback

    Well... how about this take? If you don't like Microsoft, then simply help the worm spread. Knowingly disable protection and then install on as many machines as possible. You can even get the people that trust your email address, further easily spreading it. If you know exactly what the worm does, and don't mind a little bandwidth being used - knowing you can clean the system (if it is yours) - is that still considered illegal?

    I really am sick of viruses.
    Being an IT professional, I get on average 1 request per week to remove viruses / spyware / browser hijacks etc from people's computers.

    Recently I started turning them down, but offer to install Linux on their computer instead of trying to fix their Windows installation.

    If I were writing a worm, however, I'd take a different approach. I'd make it spread quietly, and then destroy the Windows install completely 1 day after infection. The whole freakin' lot. People who get viruses are asking for it. If you put your computer on the internet, you have a responsibility to do the right thing by everyone else. If you stick your head in the sand and click on all the 'click here' and 'free hardcore XXX' links, then come bitching to me when the whole thing comes crumbling to the ground then you really only have yourself to blame.

    ALL computer users should take reasonable steps to keep their computers secure. ALL computer users who don't take these steps should have their hard disks wiped clean.

    Once a few viruses start doing this, people will get the hint and keep their systems secure.

    Whoever tries to muck around other people's computers should be prosecuted and punished.

    Since it is known as both MyDoom.M and MyDoom.O, and since Microsoft appears to be one target (M)... can we expect the next target to be Oracle (O) - or is it just coincidence?



