Fast spreading MyDoom worm marks first big attack of 2004


Strangely enough, I first got to the article without problem (not registered there), but now it prompts me to log in/register. *Shrug* For your ease, find full article posted below.
"Nay! I wanna go myself!" --> http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=52944

Fast spreading MyDoom worm marks first big attack of 2004
[PC Pro] 11:56 Tuesday 27th January 2004
The first big worm attack of 2004 is spreading fast throughout the world today. The MyDoom worm, which is a variant of the MiMail virus, spreads via email or to any available shared directories used by Kazaa.

The worm harvests email addresses from the hard disk and then generates randomly-chosen addresses for both the 'to' and 'from' fields. This means that the 'from' address is spoofed and does not tell the next victim where the mail came from.

The subject lines of the worm include such things as 'error', 'hello', 'hi', 'mail delivery system' or 'mail transaction failed'. The worm can arrive either as an .exe or .zip attachment and can appear as a text file icon although it is an executable.

MyDoom-A copies itself to the System folder with the name taskmon.exe. It also drops the backdoor program shimgapi.dll, which is loaded by the worm. The backdoor allows a hacker access to TCP port 3127 on the computer. The worm also amends the registry so that it loads every time the computer is switched on.

According to security firm Sophos, the backdoor access has been designed to launch a denial of service (DoS) attack against SCO's website.

By midnight, MessageLabs estimated that it had intercepted some 165,000 copies of the worm, yet the worm was still spreading rapidly.

You can download the IDE file from the Sophos website.

Steve Malone

Posted: Tue - January 27, 2004 at 11:11
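
The host-side traces the article names (taskmon.exe and shimgapi.dll in the System folder, a listener on TCP port 3127, an autostart entry that loads the worm) can be checked together. The following Python check is an added example, not part of the original article or post; the sample file list, `netstat -an` lines and autostart commands are constructed, and treating a directory named `system` or `system32` as the System folder is an assumption.

```python
import ntpath
import re

# Indicators named in the article for MyDoom-A.
DROPPED_FILES = {"taskmon.exe", "shimgapi.dll"}
BACKDOOR_PORT = 3127
# Assumption: "System folder" means a directory named system or system32.
SYSTEM_DIRS = {"system", "system32"}

def in_system_folder(path):
    """True if the file sits directly in a Windows System folder."""
    return ntpath.basename(ntpath.dirname(path)).lower() in SYSTEM_DIRS

def listening_tcp_ports(netstat_text):
    """Local TCP ports in LISTENING state, parsed from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        m = re.match(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def triage(file_paths, netstat_text, autostart_commands):
    """Return (kind, value) findings for the indicators the article lists."""
    findings = []
    for p in file_paths:
        if ntpath.basename(p).lower() in DROPPED_FILES and in_system_folder(p):
            findings.append(("file", p))
    if BACKDOOR_PORT in listening_tcp_ports(netstat_text):
        findings.append(("port", BACKDOOR_PORT))
    for cmd in autostart_commands:
        exe = cmd.strip().strip('"')
        if ntpath.basename(exe).lower() == "taskmon.exe" and in_system_folder(exe):
            findings.append(("autostart", cmd))
    return findings

# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = [r"C:\WINDOWS\taskmon.exe",  # outside the System folder
                r"C:\WINDOWS\system32\taskmon.exe",
                r"C:\WINDOWS\system32\shimgapi.dll"]
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1045          10.0.0.9:3127          ESTABLISHED
"""
SAMPLE_AUTOSTART = [r'"C:\WINDOWS\system32\taskmon.exe"', r"C:\Program Files\App\app.exe"]

if __name__ == "__main__":
    for kind, value in triage(SAMPLE_FILES, SAMPLE_NETSTAT, SAMPLE_AUTOSTART):
        print(kind, value)
```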

