Mumbai:
Making its debut on the net, alongside its cousins Mydoom.a
and Mydoom.b, is the worm Doomjuice. It continues to target
Microsoft, but apart from slowing down the Microsoft home
site it hasn't been able to score the same 'denial of
service' as it did with the site of software firm SCO
Inc.

According to McAfee, this worm attempts to spread to Mydoom.a
and Mydoom.b infected systems by entering through the
backdoor created by the Mydoom virus, but does not spread
via email. Only systems already infected with Mydoom
are at risk.

Interestingly, security experts are pointing out that the fact
that Doomjuice plants the source code for the original Mydoom
virus would suggest that the creator of this worm is also the
writer of the original Mydoom virus. The virus copies
itself to the Windows system directory as intrenat.exe
and creates a registry run key to load itself at system
startup.

McAfee says that Doomjuice drops an 'archived copy of the source
for W32/Mydoom to the root of the system drive, the Windows
directory and the Windows System directory.'

This, in the language of the layman, means that it places the
source code for the original Mydoom virus on victims'
hard drives, an action that security experts are describing
as a possible attempt, by the original writer/s, to either
cover their tracks or invite the world at large to
participate in their attack.

By creating a whole army of PC users, the writers of the
worm are not only muddying the waters for people who are
trying to track them down but also, interestingly, increasing
the number of people who would now have access to the
original source code.

This may, quite likely, tempt others to try out their own variation.
Software firm SCO and Microsoft have already announced
a cumulative bounty of $500,000 for information leading
to the arrest of the authors of the worm, and so Doomjuice
is now clearly the next, and a very intriguing, gambit that
has now been played out in this cat and mouse game.