Network Computing is part of the Informa Tech Division of Informa PLC

Another MyDoom Worm Targets Already-Infected Machines

Just days after an analyst warned enterprises to purge their systems of the original MyDoom worm, confirmation of the advice came with the arrival Monday of another variant that targets already-infected machines, conducts yet another denial of service attack on microsoft.com, and unlike its predecessors, has no shut-off date.

Security intelligence firm iDefense first captured MyDoom.c -- aka "SyncZ" and "Doomjuice" -- early Monday, said Ken Dunham, the company's director of malicious code research. The new variation, the second such copy-cat, spreads by scanning for computers on a network which are listening on TCP port 3127, a port opened by the original MyDoom.

When it finds an infected computer -- worldwide estimates range as high as half a million machines -- MyDoom.c uploads a copy of itself to the computer to re-infect the PC with a new, more persistent version.

"Early analysis of MyDoom.c indicates that this last variant is a very aggressive denial-of-service (DoS) attack worm," said Dunham in an e-mail to TechWeb. "If so, with no kill date, this worm could cause significant problems for DoS targets over the next few months."

MyDoom.c targets microsoft.com, said Dunham, who noted that the Redmond, Wash.-based developer's host name is embedded in the worm's code. If the date is between the first and the 11th of the month, MyDoom.c attacks microsoft.com with a single GET command over Port 80, then waits at various intervals before repeating. If the date is the 12th or later, however, it continually attacks Microsoft's Web site.
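
An added example, not part of the original article: one way a defender could triage firewall logs for the TCP port 3127 activity described above, listing sources that probe many hosts (likely MyDoom.c scanners) and hosts that accepted a connection on that port (candidates for the original MyDoom infection). The log format, field names, addresses and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

BACKDOOR_PORT = 3127  # TCP port opened by the original MyDoom, per the article
SCAN_THRESHOLD = 3    # assumed: distinct destinations before a source counts as a scanner

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2004-02-09T10:00:01 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=3127 ACTION=DROP
2004-02-09T10:00:01 SRC=10.0.0.5 DST=10.0.0.21 PROTO=TCP DPT=3127 ACTION=DROP
2004-02-09T10:00:02 SRC=10.0.0.5 DST=10.0.0.22 PROTO=TCP DPT=3127 ACTION=ACCEPT
2004-02-09T10:00:02 SRC=10.0.0.5 DST=10.0.0.23 PROTO=TCP DPT=3127 ACTION=DROP
2004-02-09T10:00:05 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=80 ACTION=ACCEPT
2004-02-09T10:00:07 SRC=10.0.0.7 DST=10.0.0.22 PROTO=TCP DPT=3127 ACTION=DROP
2004-02-09T10:00:08 SRC=10.0.0.8 DST=10.0.0.24 PROTO=UDP DPT=3127 ACTION=ACCEPT
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\S+)"
)

def analyze(log_text, threshold=SCAN_THRESHOLD):
    """Return likely scanners and hosts that accepted TCP/3127 connections."""
    targets_by_src = defaultdict(set)  # source -> distinct hosts probed on 3127
    accepted = set()                   # hosts where a 3127 connection was allowed
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) != BACKDOOR_PORT:
            continue  # malformed line, wrong protocol, or unrelated port
        targets_by_src[m["src"]].add(m["dst"])
        if m["action"] == "ACCEPT":
            # Allowed by the firewall; the host still needs checking for a listener.
            accepted.add(m["dst"])
    scanners = sorted(s for s, d in targets_by_src.items() if len(d) >= threshold)
    return {"scanners": scanners, "backdoor_hosts": sorted(accepted)}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("Sources probing TCP/3127 across many hosts:", report["scanners"])
    print("Hosts that accepted TCP/3127 (inspect first):", report["backdoor_hosts"])
```
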
