Lopez Island Orcas Island  Visitor's Guide 
about usadvertising ratesarchivesart and entertainment in the San Juan Islandsstories about businesses in the San Juanscalendar of eventsclassified adscolumnists
contact usstories about environmentstories about ferrieshealth-related storiesletters to the editor Links to sites San Juan Islanders may find useful non-profitsobituaries
peoplereal estatesheriff logsportshelp support your local newsthings to dovolunteer opportunities

INTERNET

Email this page to a friend

Doomjuice found on the Internet

posted 02/10/04
PRESS RELEASE: A new network worm known as Doomjuice has been found. This worm is closely associated with the previous Mydoom worms. It infects Windows machines which are already infected by Mydoom.A. On such machines the worm will infect the computer totally automatically - the owner of the computer can be sleeping and still get Doomjuice to his computer. Doomjuice does not spread over email at all.

According to Mikko Hypponen, Director of Anti-Virus Research at F-Secure, Doomjuice has launched a world-wide denial-of-service attack against www.microsoft.com - one of the largest websites in the world.

Doomjuice spreads between computers that are already infected with the Mydoom.A worm. It uses the backdoor installed by Mydoom.A. To locate machines with the backdoor open, Doomjuice scans random internet addresses. When it finds a machine that is infected by Mydoom.A, it sends itself over infecting it with Doomjuice too.

Doomjuice drops the original source code of the Mydoom.A worm in an archive to several folders of infected computers. "This proves to us that Doomjuice and Mydoom.A are written by the same people," said Hypponen. "The source code of Mydoom.A has not been seen circulating in the underground before."

The motivation to distribute source seems to be simple. "The authors know the police are looking for them. And the best evidence against them would be the possession of the original source code of the virus. Before the Doomjuice incident, only the authors of Mydoom.A had the original source code. Now probably tens of thousands of people have it on their hard drive - without knowing it," says Hypponen.

The worm has been programmed to start a distributed denial-of-service attack against www.microsoft.com after the Feb. 8, 2004, which is when the worm was probably distributed. The attacks will continue forever and will try to overload the Web site by repeatedly reloading the front page.

Detailed technical description of the worm as well as screenshots are available in the F-Secure Virus Description Database at http://www.f-secure.com/v-descs/doomjuice.shtml

SAN JUAN ISLANDER © 2010

editor@sanjuanislander.com

About Us | Advertising Info | Contact Us | Privacy Policy