Finance Shopping Travel Webhosting Business Webmaster Hotels More

Keyword links
Business
Computer
Debt
Education
Finance
Games
Health
Jobs
Kids
News
Processors
Real estate
Shopping
Software
Sports
Telecom
Translators
Travel
Webdesign
Webhosting
Webmaster
More topics.....


logo.jpg (25250 bytes)

Home | Advertising | Keywords | Work at home | Contact us

Doomjuice.b virus


Google
  Web www.ugamedia.com

Doomjuice saga continues - Version b enforces the attack on Microsoft

Kaspersky Labs, a leading information security software developer, has
detected a second version of the Internet worm Doomjuice - Doomjuice.b.
It propagates using the same methods as the original version
(http://www.viruslist.com/eng/alert.html?id=930701). Both worms scan the
Internet for computers infected either by Mydoom.a or Mydoom.b.
Doomjuice uses port 3127, breached earlier by Mydoom, to install copies
of itself which the Trojan component of Mydoom then launches.

However, Doomjuice.b differs from the previous version. Doomjuice.b has
been created solely to conduct a DoS attack on the Microsoft site. The
worm first copies itself into the Windows directory under the name
regedit.exe and then registers this file in the system registry auto-run
key. Once installation is complete Doomjuice checks the system date.
The DoS attack will be launched in any month of any year except January,
excluding dates between the 8th and 12th of the month. If the system
date meets these requirements, Doomjuice sends multiple GET requests to
port 80 on www.microsoft.com.

The author of Doomjuice.b uses a server request technique unique for
such virus type: the worm's request mimics the Internet Explorer
request text. As a result, requests from infected computers may not be
blocked, as this technique makes it impossible to distinguish between
valid requests and ones generated by Doomjuice.b. This feature
potentially increases the destructive capabilities of the worm. If
Doomjuice.b becomes wide-spread, Microsoft may need to implement some of
the security measures intended for such eventualities.

Kaspersky Labs has already updated the anti-virus database with
protection against Doomjuice.b. A detailed description of the worm is
available in the Kaspersky Virus Encyclopedia
(http://www.viruslist.com/eng/viruslist.html?id=942691)


Kaspersky Labs Corporate Communications

10, Geroyev Panfilovtsev St, Moscow, 125363, Russia
Tel.: +7 095 948 56 50; Fax: +7 095 948 43 31
http://www.kaspersky.com;
http://www.viruslist.com

 


 

 

 

 

 

 

 

 

 

 

 

 

Click here for information