News and Trends
SHARE
Facebook X Pinterest WhatsApp

MyDoom Attacks Microsoft.com Through Back Door

As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com. MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a […]

Written By
thumbnail Dennis Fisher
Dennis Fisher
Jul 27, 2004
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com.

MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for further commands. Zindos spreads itself by scanning for machines listening on port 1034. When it finds one, Zindos copies itself to the infected PC and then Zincite executes the copy.

Zindos then creates an executable file and launches a DDoS attack against Microsoft Corp.’s main Web site. Some earlier versions of MyDoom also attacked the company’s site. Microsoft’s site appeared to be unaffected by the activity.

Click here to read about MyDoom’s impact on search engines.

Analysts at Symantec Corp., based in Cupertino, Calif., said Tuesday that they had discovered a previously unknown function in MyDoom.O that keeps track of every system the worm infects.

After finding this, the analysts went back over the code from MyDoom.L and found that that variant contains the same feature. This led the team to conclude that the worms’ author may have used the machines infected by the L variant as a seeding ground for the latest version.

The author could have simply uploaded a copy of MyDoom.O to one of the PCs infected by MyDoom.L and instructed the worm to read the list of compromised machines. MyDoom.O then could have sent itself to all of those other PCs.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

Symantec also said its analysts believe that Zindos is being used as an updating mechanism for the MyDoom worms, which means that their behavior and characteristics could change at any time.

Also Tuesday, e-mail security provider MessageLabs Inc. said it had seen more than 530,000 copies of MyDoom.O since its arrival late Sunday.

Check out eWEEK.com’s Security Center at http://security.eweek.com for security news, views and analysis.


Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  

thumbnail Dennis Fisher

Recommended for you...

thumbnail Scale Computing Makes Strategic Updates to HyperCore Solution
Infrastructure
Scale Computing Makes Strategic Updates to HyperCore Solution
Jordan Smith
Sep 17, 2025
thumbnail Druva Launches Metadata Graphing & New Agentic AI Solutions
AI
Druva Launches Metadata Graphing & New Agentic AI Solutions
Jordan Smith
Sep 17, 2025
thumbnail SonicWall’s Michael Crean on State of Managed Security
Security
SonicWall’s Michael Crean on State of Managed Security
Victoria Durgin
Sep 17, 2025
thumbnail Gigamon Unveils Agentic AI App to Boost IT Productivity
AI
Gigamon Unveils Agentic AI App to Boost IT Productivity
Luis Millares
Sep 16, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

facebook
linkedin
youtube
rss
spotify
x

Company

About us Contact us Advertise with us

Categories

Channel Business Security AI Infrastructure Lists & Awards

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information