Re: Type of DDoS in MyDoom????

From: KeyFocus (support_at_keyfocus.net)
Date: 02/04/04

    To: <incidents@securityfocus.com>
    Date: Tue, 3 Feb 2004 23:59:40 -0000
    
    

    >
    > : Does anybody know what type of DDoS is in the MyDoom virus?
    >

    The DDoS attack is certainly grabbing the headlines, but it's the long term
    that bothers me.

    MyDoom listens on port 3127. According to reports it allows files to be
    uploaded and executed on the host machine and provides a proxy service.
    Other reports suggest over 1 million machines infected.

    This is a hacker's and spammer's dream come true. So why are there so few scans
    of 3127 at the moment?
    I can only think that the protocol used by the worm remains a secret only
    known by a few.

    I had a look at the code myself. It's a neat two-part system, one exe and one
    dll. The dll is installed via a registry entry in Explorer, not a common
    trick, and is compressed with UPX to make cracking it much harder.

    Still it cannot be too long before someone cracks it and makes the protocol
    widely available.

    One to watch out for.

    - Tom
    www.keyfocus.net.
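The post notes that infected hosts listen on TCP/3127 and wonders why so few scans of that port are being seen. The following is an added example (not part of the original message) showing how a defender could watch their own perimeter logs for exactly that: it parses firewall lines in a hypothetical iptables-style format, flags sources probing 3127 across several internal hosts, and lists the internal hosts that were probed and so deserve a check for an unexpected listener. The log format and all addresses are constructed for illustration.

```python
"""Flag inbound probing of TCP/3127 (the port the post says MyDoom's
backdoor listens on).  Added example; log format and addresses are
constructed, not taken from the original post."""
import re
from collections import defaultdict

# Constructed sample lines in an iptables-like format (hypothetical).
SAMPLE_LOG = """\
Feb  3 23:01:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=3127 SYN
Feb  3 23:01:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=3127 SYN
Feb  3 23:01:03 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP DPT=3127 SYN
Feb  3 23:01:05 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Feb  3 23:01:07 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=3127 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP DPT=(?P<dpt>\d+)")
BACKDOOR_PORT = 3127  # port the post reports MyDoom listening on


def parse(log_text):
    """Yield (src, dst, dport) for every TCP line matching the constructed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dpt"])


def scanners(log_text, port=BACKDOOR_PORT, min_targets=3):
    """Return {src: sorted targets} for sources that probed `port` on at
    least `min_targets` distinct internal hosts, i.e. a horizontal scan."""
    targets = defaultdict(set)
    for src, dst, dport in parse(log_text):
        if dport == port:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


def probed_hosts(log_text, port=BACKDOOR_PORT):
    """Internal hosts that received any probe on `port`; each is worth
    checking locally for an unexpected listener on that port."""
    return sorted({dst for _, dst, dport in parse(log_text) if dport == port})


if __name__ == "__main__":
    for src, dsts in scanners(SAMPLE_LOG).items():
        print(f"horizontal scan of {BACKDOOR_PORT} from {src}: {len(dsts)} hosts")
    print("hosts probed on", BACKDOOR_PORT, ":", probed_hosts(SAMPLE_LOG))
```

A single probe from one source (here 203.0.113.9) is not reported as a scan, but its target still appears in the probed-host list.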


