New threat from MyDoom

The immediate threat of MyDoom.O may have tailed off, but security researchers say the worm's author is already exploiting a backdoor installed by MyDoom.O to launch further attacks.

The use of a worm to create a launching pad for other threats is a worrying precedent, according to security experts, making it easier for hackers to rally large numbers of readily-available "zombie" PCs for denial-of-service attacks or to spread new viruses. This emerging technique may also account for the rapid spread of MyDoom.O itself, since an earlier worm, MyDoom.L, was discovered to have similar backdoor functionality, security firm Symantec Corp. said on Tuesday.

The worm does not leave PCs vulnerable to any attack, but aims to prevent rival attackers from making use of infected machines - in effect creating a "zombie army" under the control of the worm creator, according to Sophos Anti-Virus senior technology consultant Graham Cluley. MyDoom.O, also known as MyDoom.M, includes a feature for keeping track of all known infected systems and lets the worm's author easily upload new binaries, researchers said.

Access to the machines could be a valuable commodity for spammers, virus writers or those wishing to launch a denial-of-service attack, Cluley said. "More and more people are interested in gaining control over large numbers of zombie computers. The information on these infected PCs could be sold on to others," he said.

The worm's author has already launched a secondary attack in the form of W32.Zindos.A, which first surfaced on Tuesday and is designed to attack the domain. Zindos.A does not appear to have spread widely so far, possibly in part because of a coding error which slows down the performance of infected machines, Symantec said. Microsoft said it was experiencing no problems with its site.

However, future attacks are likely to be on the way, researchers said. While MyDoom.O's spread has dropped steadily since soon after its initial appearance, a large number of infected PCs are still likely to be available - email outsourcing firm MessageLabs Ltd. said it had intercepted more than 980,000 copies of the worm as of midday on Wednesday. "It is still a threat," said Katrin Tocheva, team manager with F-Secure. "It's not as bad as Monday, but it is still out there -- there are hundreds of thousands of infected computers all over the world."

And MyDoom.O's success at disabling the Google search engine on Tuesday should demonstrate the danger denial-of-service attacks pose, experts said. "If there's a determined attack, there's not much you can do," said Cluley. "If you can disrupt Google, you can probably hit anyone on the Internet. It shows the power of a lot of computers working together."

An unrelated denial-of-service attack brought the DoubleClick Inc. advertising network down for several hours on Tuesday, disrupting many sites that displayed DoubleClick advertisements.

The real problem is the existence of millions of unprotected PCs on the Internet, mostly belonging to home users who are unaware their machines are being used to launch attacks, said Cluley. He suggested ISPs could play a more active role in protecting such PCs.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?