Microsoft.com Is New Target for Network Worm "Double Whammy"
MyDoom.O and Google/Lycos/Altavista/Yahoo! attacks were maybe just the beginning, say experts.

    According to the Finnish anti-virus firm F-Secure, yesterday's MyDoom.O (or MyDoom.M) attacks on Google, Yahoo!, Altavista, and Lycos are part of a double whammy involving a new worm called Zindos. And the target of Zindos appears to be the Microsoft.com Web site.

    "Zindos and Mydoom.M work together," F-Secure reports this morning. "Mydoom.M laid out the path by infecting a large number of systems and preparing a list of them. Zindos hitches a ride on the Mydoom highway. It uses the lists and the backdoors, prepared by Mydoom.M, to quickly spread and hit its target, which is www.microsoft.com."

    Zindos first arrives through the MyDoom.M backdoor, F-Secure explains. When uploaded to the victim, the worm file is dropped to the TEMP folder with a random name. The file is added to the registry as either of

     [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Tray" = "%TEMP%\<random_name>.exe"
    

     [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Tray" = "%TEMP%\<random_name>.exe"
    

    To propagate itself, Zindos then uses the list of compromised computers collected by the MyDoom.M backdoor. The worm goes through the list and uploads itself with the corresponding command through the backdoor.

    The so-called "payload" of Zindos is a Distributed Denial-of-Service routine that downloads http://www.microsoft.com/ in an infinite loop with 50ms delays. The AP notes, however, that experts do not at present believe such a DDoS attack will "significantly" disrupt the Redmond giant's site performance.
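
A defender-side check for the persistence described above, as an added example that is not from F-Secure or the original article: it parses a Run-key listing in the notation shown earlier and flags any autorun value that launches a program from a temp folder. The sample listing, its file names and the HKCU entry are constructed, and the temp-folder patterns are assumptions about typical Windows layouts.

```python
import re

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
VALUE = re.compile(r'^\s*"(.+?)"\s*=\s*"(.*)"\s*$')
# Autorun keys to audit, matched on the tail of the key path.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
# First program named in an autorun command line (paths may contain spaces).
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|scr|com|pif|bat|cmd))(?=["\s]|$)', re.I)
# Temp folders, unexpanded (%TEMP%) or expanded (assumed typical layouts).
TEMP_DIR = re.compile(
    r"^(%te?mp%|.*\\(appdata\\local|local settings|windows)\\temp)\\", re.I)

# Constructed sample in the notation used above; file names are made up.
SAMPLE = r'''
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Tray" = "%TEMP%\kq3xz.exe"
  "VendorTray" = "\"C:\Program Files\Vendor\tray.exe\" -min"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
  "Updater" = "C:\Documents and Settings\user\Local Settings\Temp\upd.exe /s"
[HKLM\SOFTWARE\Example\Settings]
  "Cache" = "%TEMP%\cache.exe"
'''

def command_target(data):
    """Return the program path from an autorun command line."""
    # Undo .reg-export escaping (\\ and \") if present, then take the program.
    data = re.sub(r'\\(["\\])', r"\1", data.strip())
    m = PROGRAM.match(data)
    return m.group(1) if m else data.strip('"')

def audit(text):
    """Return (key, value name, program) for autoruns that start from temp."""
    findings, key = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:  # new key: remember it only if it is an autorun key
            key = m.group(1) if RUN_KEY.search(m.group(1)) else None
            continue
        m = VALUE.match(line)
        if key and m:
            path = command_target(m.group(2))
            if TEMP_DIR.match(path):
                findings.append((key, m.group(1), path))
    return findings

if __name__ == "__main__":
    for key, name, path in audit(SAMPLE):
        print(f"SUSPICIOUS autorun {name!r} in [{key}] -> {path}")
```

Matching on the launch location rather than the "Tray" value name keeps the check useful when a variant changes the name, since the dropped file name is random anyway.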

  • About Security News Desk
    SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

    Reader Feedback

    well... how about this take? if you don't like microsoft, then simply help the worm spread. knowingly disable protection and then install on as many machines as possible. you can even get the people that trust your email address, further easily spreading it. if you know exactly what the worm does, and don't mind a little bandwidth being used - knowing you can clean the system (if it is yours) - is that still considered illegal?

    I really am sick of viruses.
    Being an IT professional, I get on average 1 request per week to remove viruses / spyware / browser hijacks etc from people's computers.

    Recently I started turning them down, but offer to install Linux on their computer instead of trying to fix their Windows installation.

    If I were writing a worm, however, I'd take a different approach. I'd make it spread quietly, and then destroy the Windows install completely 1 day after infection. The whole freakin' lot. People who get viruses are asking for it. If you put your computer on the internet, you have a responsibility to do the right thing by everyone else. If you stick your head in the sand and click on all the 'click here' and 'free hardcore XXX' links, then come bitching to me when the whole thing comes crumbling to the ground then you really only have yourself to blame.

    ALL computer users should take reasonable steps to keep their computers secure. ALL computer users who don't take these steps should have their hard disks wiped clean.

    Once a few viruses start doing this, people will get the hint and keep their systems secure.

    Whoever tries to muck around other people's computers should be prosecuted and punished.

    Since it is known as both MyDoom.M and MyDoom.O, and since Microsoft appears to be one target (M)... can we expect the next target to be Oracle (O)? Or is it just coincidence?



