

Symantec has further analysed the Mydoom.M threat

Wed, 28 July 2004

Symantec has further analysed the Mydoom.M threat and has discovered some previously undocumented functionality. This functionality includes a mechanism that is used to maintain a list of all known infected systems, and permits the worm's author to upload updated binaries while prohibiting others from rapidly taking over the infected systems. This mechanism permits the author to rapidly and automatically update all Mydoom.M-infected systems with new arbitrary malicious code with little risk of its network being hijacked by rival worm authors.

Symantec Security experts have also re-examined W32.Mydoom.L@mm and found that it also contains a system designed to maintain a list of all known infected systems and to permit its author to upload update executables, while making it difficult for others to take over the infected network.

"Due to the recent release and widespread infection rate of the Mydoom.M worm, we believed that computers infected with Mydoom.L may have been used as a form of peer-to-peer seed network, explaining why Mydoom.M became a high-profile worm so rapidly," said Alfred Huger, senior director, Symantec Security Response. "This process would simply require the author to upload Mydoom.M to one infected host and have it read the stored IP list and upload itself to other systems."

The Symantec Security Response team is currently investigating the functionality available within these worms. Symantec experts believe that the malicious code writer is using these threats to inject other new malicious code into the wild. One such malicious code is W32.Zindos.A.

This new threat discovered by Symantec Security Response this morning is exploiting the backdoor left by Mydoom.M. The new worm, created by the Mydoom virus writer, attempts to perform a DoS attack against the domain, W32.Zindos.A was discovered this morning and has been rated as a Category 2 threat. For detailed information on this latest threat, visit

Symantec experts believe that the author of these threats is using W32.Zindos.A to update the Mydoom variants. Through Symantec's DeepSight early warning solutions, which include a network of 20,000 sensors monitoring IDS and firewall activity around the globe, Symantec has detected a spike in activity, three degrees from normal deviation, targeting TCP ports 1034 and 1042, which are associated with W32.Mydoom.M@mm and W32.Mydoom.L@mm respectively.

Symantec Security Response recommends that users update their AV definitions, block access to TCP ports 1034 and 1042 on all systems, and deploy attachment filters on all e-mail gateway systems. Additionally, do not open or execute files from unknown sources. Using a firewall or IDS may block or detect back door server communications with the remote client application.
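As an added example (not part of the Symantec release, and not Symantec's tooling), the following Python sketch shows how a defender could check firewall logs for the activity described above: traffic to TCP ports 1034 and 1042, hourly spikes against a baseline, and connections to those ports that the firewall allowed. The log format, the sample lines, the baseline figures and the three-standard-deviation threshold are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Ports the release associates with each variant.
PORT_TO_VARIANT = {1034: "W32.Mydoom.M@mm", 1042: "W32.Mydoom.L@mm"}

# Assumed (constructed) log format: "<date>T<hh>:<mm>:<ss> ACTION TCP src -> dst:port"
LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} "
    r"(?P<action>ALLOW|DENY) TCP (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+)$"
)

def parse(lines):
    """Yield (hour, action, dst, port) for well-formed lines on watched ports."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and int(m["port"]) in PORT_TO_VARIANT:
            yield m["hour"], m["action"], m["dst"], int(m["port"])

def hourly_counts(lines):
    """Connection attempts per (hour, port) on the watched ports."""
    return Counter((hour, port) for hour, _, _, port in parse(lines))

def flag_spikes(counts, baseline, sigmas=3.0):
    """Hours whose count exceeds baseline mean + sigmas * standard deviation."""
    threshold = mean(baseline) + sigmas * pstdev(baseline)
    return sorted((h, p, c) for (h, p), c in counts.items() if c > threshold)

def allowed_hits(lines):
    """Internal hosts that accepted traffic on a watched port: triage these first."""
    return sorted({(dst, port, PORT_TO_VARIANT[port])
                   for _, action, dst, port in parse(lines) if action == "ALLOW"})

# Constructed sample data (documentation address ranges, not real telemetry).
BASELINE = [2, 3, 1, 2, 4, 2, 3, 2]  # assumed normal hourly hit counts
SAMPLE = (
    [f"2004-07-28T09:{i:02d}:00 DENY TCP 198.51.100.{i} -> 192.0.2.10:1034"
     for i in range(6)]
    + ["2004-07-28T10:05:00 DENY TCP 198.51.100.7 -> 192.0.2.10:1042",
       "2004-07-28T10:06:00 ALLOW TCP 198.51.100.8 -> 192.0.2.11:1042",
       "2004-07-28T10:07:00 ALLOW TCP 198.51.100.9 -> 192.0.2.10:80",
       "garbage line"]
)

if __name__ == "__main__":
    for hour, port, count in flag_spikes(hourly_counts(SAMPLE), BASELINE):
        print(f"spike: {hour} port {port} ({PORT_TO_VARIANT[port]}): {count} hits")
    for dst, port, variant in allowed_hits(SAMPLE):
        print(f"allowed: {dst}:{port} reachable, check host for {variant}")
```

A host that appears in the allowed list should be checked even when no spike is flagged, since a single permitted connection to one of these ports means the block rule recommended above is not in effect for that host.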


© Scoop Media
