Security Incidents mailing list archives
Re: Type od DDoS in MyDoom????
From: "KeyFocus" <support () keyfocus net>
Date: Tue, 3 Feb 2004 23:59:40 -0000
: Does anybody know what type of DDoS is in the MyDoom virus?
The DDoS attack is certainly grabbing the headlines, but it's the long term that bothers me. MyDoom listens on port 3127. According to reports it allows files to be uploaded and executed on the host machine and provides a proxy service. Other reports suggest over 1 million machines infected. This is a hacker's and spammer's dream come true.

So why are there so few scans of 3127 at the moment? I can only think that the protocol used by the worm remains a secret only known by a few.

I had a look at the code myself. It's a neat 2-part system, one exe and one dll. The dll is installed via a registry entry in Explorer, not a common trick, and is compressed with UPX to make cracking it much harder. Still, it cannot be too long before someone cracks it and makes the protocol widely available. One to watch out for.

- Tom
www.keyfocus.net