A new worm has been detected which exploits the backdoor left from the Mydoom virus(es).
More information can be found here.Quote:
Connects to TCP port 3127, which is opened by the backdoor component of W32.Mydoom.A@mm, to receive commands. If the worm gets the command, it sends a copy of itself to the remote machine. The backdoor component of W32.Mydoom.A@mm will accept the file and executes it.
Launches a DoS attack against www.microsoft.com by sending HTTP Get requests.
Here is another worm exploiting the backdoor left by Mydoom.
More info on W32.HLLW.DeadhatQuote:
Scans the network, looking for systems infected with Mydoom. This worm attempts to connect to sequential IP addresses on ports 3127, 3128, and 1080, starting with a random IP address. When a connection is established, W32.HLLW.Deadhat sends a copy of itself to the Mydoom server, in effect replacing Mydoom on the remote machine.
Cheers: