New MyDoom Piggybacks a Nastier Worm

 
 
By Jay Munro  |  Posted 2004-08-18
 
 
 
 
 
 
 

As a medium-level threat, MyDoom.S doesn't really do much, but it does download a particularly dangerous Trojan called Backdoor.Ratos.A.

Microsoft on Aug. 25 is rolling out the Windows XP Service Pack 2 to the new Windows Update site so the public can update automatically. For the majority of home users, it's a case of "just do it." Meanwhile, MyDoom is back with a new variation that downloads a particularly nasty Trojan called Backdoor.Ratos.A. The SP2 update adds security features that home users should not be without. If you know a home user who doesn't understand security, make sure they update. Either click on Windows Update from the Start menu, or visit the Microsoft home security site.

But since the Service Pack 2 update has the potential to break applications, especially ones in corporate use, many companies are opting not to update until they've had time to test. Microsoft, in response, offered a way to disable automatic updating for four months from the public release date. One caveat is that the update disabler needs to be applied to a system before it is updated.

Once you've installed Windows XP SP2 and the new Windows Firewall is enabled, you may find that some programs do not work correctly. The fix is usually just a simple tweak of the firewall to let the application work with the Web. See our Security Tip for a jumpstart on how to exempt ports and applications in the new Windows Firewall.

A few weeks ago, we told you about a Windows CE concept virus, which had been sent to anti-virus vendors to prove it could be done. But the first Windows CE Trojan, Backdoor.Brador.A, has now been seen in the wild. According to reports, the Trojan affects Windows CE Version 4.2 (on Pocket PCs) and spreads through e-mail or downloaded programs. The virus requires user interaction to install, either opening the e-mail or downloading the file. Once infected, the virus opens a back door and sends your IP address to the attacker. The good news is that you have to do something to get it, and it doesn't spread on its own. F-Secure and Trend Micro claim to have solutions.

MyDoom is back with W32/MyDoom.S-mm. This variation, also known as MyDoom.Q@mm, Worm_Ratos.A, and I-worm.Win32.Ratos, was discovered Sunday and jumped to a medium-level threat very quickly. While MyDoom.S doesn't really do much, it downloads a particularly nasty Trojan called Backdoor.Ratos.A. See our top threat for more information.

Meanwhile, Netcraft is reporting some encouraging information on phishing sites. According to a June report from the Anti-Phishing Working Group, available in PDF form, the average life of a phishing Web site is just 54 hours.
 
 
 
 
 
 
 
 
 
 
 
