New threat from MyDoom

The immediate threat of MyDoom.O may have tailed off, but security researchers say the worm's author is already exploiting a backdoor installed by MyDoom.O to launch further attacks.

The use of a worm to create a launching pad for other threats is a worrying precedent, according to security experts, making it easier for hackers to rally large numbers of readily-available "zombie" PCs for denial-of-service attacks or to spread new viruses. This emerging technique may also account for the rapid spread of MyDoom.O itself, since an earlier worm, MyDoom.L, was discovered to have similar backdoor functionality, security firm Symantec Corp. said on Tuesday.

The worm does not leave PCs open to attack by just anyone, but aims to prevent rival attackers from making use of infected machines - in effect creating a "zombie army" under the control of the worm creator, according to Sophos Anti-Virus senior technology consultant Graham Cluley. MyDoom.O, also known as MyDoom.M, includes a feature for keeping track of all known infected systems and lets the worm's author easily upload new binaries, researchers said.

Access to the machines could be a valuable commodity for spammers, virus writers or those wishing to launch a denial-of-service attack, Cluley said. "More and more people are interested in gaining control over large numbers of zombie computers. The information on these infected PCs could be sold on to others," he said.

The worm's author has already launched a secondary attack in the form of W32.Zindos.A, which first surfaced on Tuesday and is designed to attack the Microsoft.com domain. Zindos.A does not appear to have spread widely so far, possibly in part because of a coding error which slows down the performance of infected machines, Symantec said. Microsoft said it was experiencing no problems with its site.

However, future attacks are likely to be on the way, researchers said. While MyDoom.O's spread has dropped steadily since soon after its initial appearance, a large number of infected PCs are still likely to be available - email outsourcing firm MessageLabs Ltd. said it had intercepted more than 980,000 copies of the worm as of midday on Wednesday. "It is still a threat," said Katrin Tocheva, team manager with F-Secure. "It's not as bad as Monday, but it is still out there -- there are hundreds of thousands of infected computers all over the world."

And MyDoom.O's success at disabling the Google search engine on Tuesday should demonstrate the danger denial-of-service attacks pose, experts said. "If there's a determined attack, there's not much you can do," said Cluley. "If you can disrupt Google, you can probably hit anyone on the Internet. It shows the power of a lot of computers working together."

An unrelated denial-of-service attack brought the DoubleClick Inc. advertising network down for several hours on Tuesday, disrupting many sites that displayed DoubleClick advertisements.

The real problem is the existence of millions of unprotected PCs on the Internet, mostly belonging to home users who are unaware their machines are being used to launch attacks, said Cluley. He suggested ISPs could play a more active role in protecting such PCs.


Matthew Broersma

Techworld.com