Monday, May 24, 2004

 

ABC Morning Show

Doomsday Nearly Here for My.Doom Virus

According to Symantec, a major manufacturer of utility and PC security software, the My.Doom virus has only another couple of days of spreading and replicating to go. According to the antivirus manufacturer, My.Doom has a reproductive shelf life that expires on the 12th of February 2004; however, the virus and its activities remain resident and localized on the machines it has infected, allowing a hacker to get into the computer through an open “backdoor” the virus has created.

Below is what Symantec say about the virus:
W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.
However, I am a little skeptical about the virus's supposed stop to reproducing on the 12th of February. But what the writer of the virus was trying to do was get computers infected in a short space of time, leave the virus there undetected, and then at a later date scan the internet for computers advertising that they can be accessed through the backdoor the virus creates. However, for the computers to become infected, the end user has to be a bit on the stupid side and activate it, because the email it arrives with as an attachment doesn’t really give you any reason to click on the attachment and infect your computer.
