Beating the New MyDoom (Windows) Variant

By Jay Munro  |  Posted 2004-01-28
The second MyDoom virus goes after the Microsoft Web site and tries to block you from accessing antivirus help. Still, the resulting hack to your Windows Hosts file can be undone.

The new W32/MyDoom.B-mm virus adds another twist to the MyDoom story. In addition to switching the DNS attack to Microsoft's web site, it uses a standard mechanism in Microsoft Windows to block a user's access to antivirus sites. MyDoom.B overwrites the existing Windows Hosts file, normally empty, with a file that blocks the real addresses of most antivirus sites. This means that at the time when you need an antivirus software vendor's support most (during infection), you won't be able to get it.

The Hosts file acts as a local DNS (Domain Name Server/Service) on a Windows machine, and takes precedence over the global DNS request that every browser makes when you enter a URL, such as www.pcmag.com. Normally, when you request a web site, your browser sends a request to a global DNS server, which returns the actual IP address of the site. Your browser then uses that IP address to access the web site and bring you the web pages. If an address, such as www.microsoft.com, is in the Windows Hosts file, your browser gets whatever address is stored there and doesn't bother going out to the global DNS.
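The two paragraphs above describe the mechanism (a Hosts entry wins over DNS) and the abuse (pinning antivirus and Microsoft hostnames to an address so the browser never reaches them). The following script, added here as an example and not code from the article or from any vendor, parses a Windows-style Hosts file, reports every line that maps a protected hostname (whether to a sinkhole address like 0.0.0.0 or to some other server), and returns a cleaned copy that removes only the hijacked names while keeping unrelated local overrides on the same line. The hostnames in `PROTECTED_HOSTS`, the sample file, and the `example-antivirus.com` domain are constructed for illustration; www.microsoft.com is the only name taken from the article.

```python
"""Added example (not from the article or from any vendor): detect and undo
the kind of Windows Hosts-file hijack the article describes, where an
address is pinned to a security vendor's hostname so the browser never asks
the real DNS.  Everything below, including the sample file, is constructed.
"""
import ipaddress

# Hostnames a defender wants to keep resolvable through real DNS.  Assumption:
# an organisation substitutes its own vendors' support/update hosts here.
PROTECTED_HOSTS = {
    "www.microsoft.com",            # named in the article as a MyDoom.B target
    "windowsupdate.microsoft.com",  # constructed addition
    "www.example-antivirus.com",    # constructed placeholder vendor
    "update.example-antivirus.com",
}

# Addresses commonly used to "blackhole" a name in a hosts file.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return (line_no, ip, hostnames) for each mapping line.

    Blank lines, comment lines and the comment tail of a mapping line are
    ignored; lines whose first field is not an IP address are skipped.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        entries.append((n, ip, fields[1:]))
    return entries


def find_hijacks(text):
    """Return (line_no, ip, protected_names, reason) for every suspect line.

    A legitimate Hosts file normally has no entry for these names at all, so
    any mapping is suspect: a sinkhole address blocks the site outright, any
    other address redirects the user to a server of someone else's choosing.
    """
    hits = []
    for n, ip, names in parse_hosts(text):
        protected = [h for h in names if h.lower() in PROTECTED_HOSTS]
        if protected:
            reason = "sinkholed" if ip in SINKHOLE_ADDRS else "redirected to " + ip
            hits.append((n, ip, protected, reason))
    return hits


def clean_hosts(text):
    """Return the file with hijacked names removed and everything else intact.

    A line that mixes a protected name with an unrelated local override keeps
    the unrelated name rather than losing the whole line.
    """
    hijacked = {n: {h.lower() for h in names} for n, _, names, _ in find_hijacks(text)}
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if n not in hijacked:
            out.append(raw)
            continue
        body, _, comment = raw.partition("#")
        fields = body.split()
        keep = [h for h in fields[1:] if h.lower() not in hijacked[n]]
        if keep:
            line = fields[0] + "\t" + " ".join(keep)
            out.append(line + ("  #" + comment if comment else ""))
    return "\n".join(out) + "\n"


# Constructed sample: a short header plus MyDoom.B-style blocking entries.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
0.0.0.0         www.example-antivirus.com update.example-antivirus.com
0.0.0.0         www.microsoft.com intranet.corp.example  # mixed line
10.0.0.5        fileserver.corp.example                  # legitimate override
"""

if __name__ == "__main__":
    for n, ip, names, reason in find_hijacks(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (n, ip, ", ".join(names), reason))
    print(clean_hosts(SAMPLE_HOSTS))
```

Run against a real machine, the text would come from `%SystemRoot%\System32\drivers\etc\hosts`; the script reports lines 3 and 4 of the sample as sinkholed, drops line 3 entirely, and rewrites line 4 to keep only `intranet.corp.example`. Because MyDoom.B replaces the whole file, a complementary check is simply whether the file differs from the near-empty default at all.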