New threat from MyDoom

The immediate threat of MyDoom.O may have tailed off, but security researchers say the worm's author is already exploiting a backdoor installed by MyDoom.O to launch further attacks.

The use of a worm to create a launching pad for other threats is a worrying precedent, according to security experts, making it easier for hackers to rally large numbers of readily available "zombie" PCs for denial-of-service attacks or to spread new viruses. This emerging technique may also account for the rapid spread of MyDoom.O itself, since an earlier worm, MyDoom.L, was discovered to have similar backdoor functionality, security firm Symantec Corp. said on Tuesday.

The worm does not leave PCs open to attack by just anyone; instead it aims to prevent rival attackers from making use of infected machines, in effect creating a "zombie army" under the control of the worm creator, according to Sophos Anti-Virus senior technology consultant Graham Cluley. MyDoom.O, also known as MyDoom.M, includes a feature for keeping track of all known infected systems and lets the worm's author easily upload new binaries, researchers said.

Access to the machines could be a valuable commodity for spammers, virus writers or those wishing to launch a denial-of-service attack, Cluley said. "More and more people are interested in gaining control over large numbers of zombie computers. The information on these infected PCs could be sold on to others," he said.

The worm's author has already launched a secondary attack in the form of W32.Zindos.A, which first surfaced on Tuesday and is designed to attack the Microsoft.com domain. Zindos.A does not appear to have spread widely so far, possibly in part because of a coding error which slows down the performance of infected machines, Symantec said. Microsoft said it was experiencing no problems with its site.

However, future attacks are likely to be on the way, researchers said. While MyDoom.O's spread has dropped steadily since soon after its initial appearance, a large number of infected PCs are still likely to be available - email outsourcing firm MessageLabs Ltd. said it had intercepted more than 980,000 copies of the worm as of midday on Wednesday. "It is still a threat," said Katrin Tocheva, team manager with F-Secure. "It's not as bad as Monday, but it is still out there -- there are hundreds of thousands of infected computers all over the world."

And MyDoom.O's success at disabling the Google search engine on Tuesday should demonstrate the danger denial-of-service attacks pose, experts said. "If there's a determined attack, there's not much you can do," said Cluley. "If you can disrupt Google, you can probably hit anyone on the Internet. It shows the power of a lot of computers working together."

An unrelated denial-of-service attack brought the DoubleClick Inc. advertising network down for several hours on Tuesday, disrupting many sites that displayed DoubleClick advertisements.

The real problem is the existence of millions of unprotected PCs on the Internet, mostly belonging to home users who are unaware their machines are being used to launch attacks, said Cluley. He suggested ISPs could play a more active role in protecting such PCs.


Matthew Broersma

Techworld.com