MyDoom Attacks Microsoft.com Through Back Door | eWeek

MyDoom Attacks Microsoft.com Through Back Door

Écrit par
Dennis Fisher
Dennis Fisher
Jul 27, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com.

MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for further commands. Zindos spreads itself by scanning for machines listening on port 1034. When it finds one, Zindos copies itself to the infected PC and then Zincite executes the copy.

Zindos then creates an executable file and launches a DDoS attack against Microsoft Corp.s main Web site. Some earlier versions of MyDoom also attacked the companys site. Microsofts site appeared to be unaffected by the activity.

/zimages/2/28571.gifClick hereto read about MyDooms impact on search engines.

Analysts at Symantec Corp., based in Cupertino, Calif., said Tuesday that they had discovered a previously unknown function in MyDoom.O that keeps track of every system the worm infects.

After finding this, the analysts went back over the code from MyDoom.L and found that that variant contains the same feature. This led the team to conclude that the worms author may have used the machines infected by the L variant as a seeding ground for the latest version.

The author could have simply uploaded a copy of MyDoom.O to one of the PCs infected by MyDoom.L and instructed the worm to read the list of compromised machines. MyDoom.O then could have sent itself to all of those other PCs.

/zimages/2/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Symantec also said its analysts believe that Zindos is being used as an updating mechanism for the MyDoom worms, which means that their behavior and characteristics could change at any time.

Also Tuesday, e-mail security provider MessageLabs Inc. said it had seen more than 530,000 copies of MyDoom.O since its arrival late Sunday.

/zimages/2/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis.

/zimages/2/77042.gif

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/2/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.