Penetration Testing mailing list archives
RE: MyDoom
From: "Alan" <alancr () ntlworld com>
Date: Thu, 5 Jan 2006 20:20:41 -0000
My understanding is that Mydoom-infected hosts receive commands by connecting to an IRC channel.
Some variant might have, but most of the action here was network sweeps for port whatever-it-was. Mydoom.c arrived with the source code and that included a relatively trivial client (socks4 with kludges) for connecting, sending and executing files via the mydoom backdoor. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- MyDoom Mohamed Abdel Kader (Jan 02)
- RE: MyDoom Simon Edwards (Jan 04)
- RE: MyDoom Alan (Jan 05)
- Re: MyDoom xyberpix (Jan 05)
- Re: MyDoom Maxime Ducharme (Jan 04)
- RE: MyDoom IanC @ TracingEmails (Jan 04)
- <Possible follow-ups>
- RE: MyDoom Simon Edwards (Jan 04)
- RE: MyDoom Simon Edwards (Jan 04)