February 9, 2004 4:45 PM PST

New viruses feed on MyDoom infections

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: MyDoom virus spells double trouble
February 3, 2004; Microsoft shrugs off MyDoom attack
February 3, 2004; Clues point to single MyDoom culprit
February 2, 2004; MyDoom downs SCO site
February 2, 2004

Two worms that take advantage of computers whose security has already been compromised started spreading on Monday, antivirus software companies warned.

The two opportunistic programs--dubbed Doomjuice and Deadhat--threatened only those users still infected with a version of the MyDoom virus, and didn't pose a major problem for businesses that had previously cleaned systems infected with the virus, the companies said.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"There are only about 50,000 or 75,000 machines left that are infected," said Vincent Gullotto, vice president for antivirus and vulnerability emergency response team at Network Associates.

Doomjuice, which has had a moderate spread, attempts to direct any re-infected PC to attack Microsoft's Web site, Gullotto said. The re-invigorated attack may be responsible for making Microsoft's site inaccessible late Sunday night and early Monday morning, according to Internet performance measurement firm Netcraft.

The first version of MyDoom spread through e-mail two weeks ago, infecting a new computer every time an unwary user opened the attached file that contained the program. As many as 2 million PCs may have been infected, according to some estimates, while others put the number at 1 million or a few hundred thousand computers.

The original virus was programmed to attack the SCO Group's Web site on Feb. 1, while the variant MyDoom.B was programmed to target Microsoft's site from Feb. 3 until March 1.

The original attack succeeded in making the SCO Web site inaccessible when PCs infected with the original version of the MyDoom virus started sending mock Web requests to the company's main server. However, Microsoft appears to have suffered less from its MyDoom strike, benefiting from the slow spread of the second virus and a bug in the code that limits the attack to only 7 percent of all infected computers.

However, Microsoft had some Web site problems on early Monday, according to Netcraft. It's unknown if the latest worms caused the issues. Microsoft couldn't immediately comment on the issue.

Doomjuice, which scans for PCs infected with MyDoom, has spread to enough computers that customers have submitted samples to Network Associates' Gullotto.

"The Doomjuice has had some success," Gullotto said. "It only infects machines that (have been compromised), so obviously some people didn't know they were infected."

Network Associates still hasn't received any samples of the other worm, Deadhat. While some antivirus companies, including Network Associates and Symantec, believe the virus spreads by scanning for vulnerable computers that have already been infected with the MyDoom viruses, the worm hasn't spread as far as Doomjuice. Deadhat also spreads through the peer-to-peer file sharing program SoulSeek.

See more CNET content tagged:
MyDoom virus, Networks Associates Technology Inc., spread, virus, worm

Latest tech news headlines

Duke Energy to invest in mini solar power plants
Posted in Green Tech by Martin LaMonica

September 5, 2008 9:48 AM PDT
About time: Joost to launch browser-based player
Posted in News - Digital Media by Greg Sandoval

September 5, 2008 9:24 AM PDT
Google and 'Vanity Fair' party with the GOP
Posted in News - Politics and Law by Stephanie Condon

September 5, 2008 9:17 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Samsung contemplating SanDisk acquisition
South Korean consumer electronics giant is considering a buyout of the chipmaker to reduce its NAND flash memory costs, according to PaidContent.
Gallery
Photos: Ron Paul's RNC alternative
As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.
The Open Road
Analysts as a lagging indicator of success
Gartner, Forrester, and other analyst firms tend to be great predictors of the past, probably because that's where they get their money.
Beyond Binary
Memo: Windows chief on new ads
Windows business unit head Bill Veghte send a memo to troops late Thursday promising that the debut Seinfeld/Bill Gates ad was just an "icebreaker."
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Digital Media
About time: Joost to launch browser-based player
Company's desktop client failed to catch on with the public, so the Web video service is retooling, but is it too late to catch up to Hulu and Google's YouTube?
Video
Political party playlists
We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.
News - Politics and Law
Google and 'Vanity Fair' party with the GOP
Google and Vanity Fair hosted one of the most talked-about parties at the Republican convention.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Photos: The brains behind Google Chrome
Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.
Gadgettes, the blog
Gadgettes 105: The Sing, Sing a Song Episode
We have music on the brain in today's episode of Gadgettes. Don't worry, we won't destroy your ear drums with ear-piercing renditions of your least favorite '80s tunes. Instead, we'll soften the blow with a slew of musical gadgets and accessories.
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.