New worm seeks to attack Microsoft

Hackers have developed a new version of powerful Mydoom internet worm that attempts to use infected computers to launch attacks aimed at shutting down Microsoft's main website, experts said Monday.

    Ero Carrera cracked the Mydoom virus in two hours

    The security firm F-Secure said the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm.

    The original Mydoom worm had infected more than one million computers worldwide at its peak in late January and highlighted the vulnerability of the internet to infections that allow affected computers to be controlled for hacker attacks.

    Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said.

    "To locate machines with the backdoor open, Doomjuice scans random IP (Internet Protocol) addresses... If the port is open the worm sends itself in a specially crafted package that makes the Mydoom.A infected machine execute the file thus infecting it with Doomjuice too."

    Doomjuice triggers a so-called denial of service (DDoS) attack against by trying to overload the site with information requests.

    "In order to overload the worm starts 16-80 parallel threads that connect to the website and try to download the main page in an infinite loop," F-Secure said.

    Second version

    Mydoom.B, the second version of the worm, also launched an attack on Microsoft, but failed to shut down the website. Mydoom.A shut down the site of SCO, owner of the Unix operating system.

    The British-based security firm mi2g said that Microsoft's website "has been intermittently inaccessible on a few occasions from major North American, European and Asian cities on Saturday and Sunday as MyDoom continued to spread relentlessly and MyDoom.b upgraded MyDoom.a infected machines."

    "MyDoom is still out there and spreading," said mi2g's DK Matai.

    "It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.b which targets Microsoft."



    Interactive: Plundering Cambodia's forests

    Interactive: Plundering Cambodia's forests

    Meet the man on a mission to take down Cambodia's timber tycoons and expose a rampant illegal cross-border trade.

    The priceless racism of the Duke of Edinburgh

    The priceless racism of the Duke of Edinburgh

    Prince Philip has done the world an extraordinary service by exposing the racist hypocrisy of "Western civilisation".

    China will determine the future of Venezuela

    China will determine the future of Venezuela

    There are a number of reasons why Beijing continues to back Maduro's government despite suffering financial losses.