New threat from MyDoom

The immediate threat of MyDoom.O may have tailed off, but security researchers say the worm's author is already exploiting a backdoor installed by MyDoom.O to launch further attacks.

The use of a worm to create a launching pad for other threats is a worrying precedent, according to security experts, making it easier for hackers to rally large numbers of readily-available "zombie" PCs for denial-of-service attacks or to spread new viruses. This emerging technique may also account for the rapid spread of MyDoom.O itself, since an earlier worm, MyDoom.L, was discovered to have similar backdoor functionality, security firm Symantec Corp. said on Tuesday.

The worm does not leave PCs vulnerable to any attack, but aims to prevent rival attackers from making use of infected machines - in effect creating a "zombie army" under the control of the worm creator, according to Sophos Anti-Virus senior technology consultant Graham Cluley. MyDoom.O, also known as MyDoom.M, includes a feature for keeping track of all known infected systems and lets the worm's author easily upload new binaries, researchers said.

Access to the machines could be a valuable commodity for spammers, virus writers or those wishing to launch a denial-of-service attack, Cluley said. "More and more people are interested in gaining control over large numbers of zombie computers. The information on these infected PCs could be sold on to others," he said.

The worm's author has already launched a secondary attack in the form of W32.Zindos.A, which first surfaced on Tuesday and is designed to attack the Microsoft.com domain. Zindos.A does not appear to have spread widely so far, possibly in part because of a coding error which slows down the performance of infected machines, Symantec said. Microsoft said it was experiencing no problems with its site.

However, future attacks are likely to be on the way, researchers said. While MyDoom.O's spread has dropped steadily since soon after its initial appearance, a large number of infected PCs are still likely to be available - email outsourcing firm MessageLabs Ltd. said it had intercepted more than 980,000 copies of the worm as of midday on Wednesday. "It is still a threat," said Katrin Tocheva, team manager with F-Secure. "It's not as bad as Monday, but it is still out there -- there are hundreds of thousands of infected computers all over the world."

And MyDoom.O's success at disabling the Google search engine on Tuesday should demonstrate the danger denial-of-service attacks pose, experts said. "If there's a determined attack, there's not much you can do," said Cluley. "If you can disrupt Google, you can probably hit anyone on the Internet. It shows the power of a lot of computers working together."

An unrelated denial-of-service attack brought the DoubleClick Inc. advertising network down for several hours on Tuesday, disrupting many sites that displayed DoubleClick advertisements.

The real problem is the existence of millions of unprotected PCs on the Internet, mostly belonging to home users who are unaware their machines are being used to launch attacks, said Cluley. He suggested ISPs could play a more active role in protecting such PCs.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Essentials

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?