
Thread: Doomjuice

  1. #1
    DjM (I'd rather be fishing)
    Join Date
    Aug 2001
    The Great White North

    Doomjuice & Deadhat

    A new worm has been detected which exploits the backdoor left from the Mydoom virus(es).

    Connects to TCP port 3127, which is opened by the backdoor component of W32.Mydoom.A@mm, to receive commands. If the worm gets the command, it sends a copy of itself to the remote machine. The backdoor component of W32.Mydoom.A@mm will accept the file and execute it.

    Launches a DoS attack against by sending HTTP Get requests.
    More information can be found here.

    Here is another worm exploiting the backdoor left by Mydoom.

    Scans the network, looking for systems infected with Mydoom. This worm attempts to connect to sequential IP addresses on ports 3127, 3128, and 1080, starting with a random IP address. When a connection is established, W32.HLLW.Deadhat sends a copy of itself to the Mydoom server, in effect replacing Mydoom on the remote machine.
    More info on W32.HLLW.Deadhat
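
The sequential sweep of ports 3127, 3128 and 1080 described in the post above leaves a recognisable pattern in connection logs. The following is an added detection example, not part of the original thread: the log format, the sample lines, the `MIN_RUN` threshold and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MYDOOM_PORTS = {3127, 3128, 1080}  # ports named in the post
MIN_RUN = 4  # assumed threshold: consecutive addresses probed by one source

# Constructed sample, assumed format: "timestamp src dst dport"
SAMPLE_LOG = """\
2004-02-10T10:00:01 10.0.0.5 192.0.2.254 3127
2004-02-10T10:00:01 10.0.0.5 192.0.2.254 3128
2004-02-10T10:00:02 10.0.0.5 192.0.2.255 3127
2004-02-10T10:00:02 10.0.0.5 192.0.3.0 1080
2004-02-10T10:00:03 10.0.0.5 192.0.3.1 3127
2004-02-10T10:00:04 10.0.0.9 198.51.100.7 1080
2004-02-10T10:00:05 10.0.0.9 198.51.100.20 1080
2004-02-10T10:00:06 10.0.0.7 203.0.113.1 80
truncated line
"""

def parse(log):
    """Yield (src, dst_as_int, dport); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield parts[1], int(ipaddress.IPv4Address(parts[2])), int(parts[3])
        except ipaddress.AddressValueError:
            continue

def longest_run(addrs):
    """Longest run of consecutive addresses, compared as integers (x.2.255 -> x.3.0 counts)."""
    best = run = 0
    prev = None
    for a in sorted(addrs):
        run = run + 1 if prev is not None and a == prev + 1 else 1
        best = max(best, run)
        prev = a
    return best

def find_scanners(log, min_run=MIN_RUN):
    """Sources that swept >= min_run sequential hosts on the Mydoom ports."""
    dsts, ports = defaultdict(set), defaultdict(set)
    for src, dst, dport in parse(log):
        if dport in MYDOOM_PORTS:
            dsts[src].add(dst)
            ports[src].add(dport)
    runs = {src: longest_run(seen) for src, seen in dsts.items()}
    return {s: {"run": r, "ports": sorted(ports[s])} for s, r in runs.items() if r >= min_run}
```

On the constructed sample only 10.0.0.5 is reported; the host making two unrelated connections to port 1080 (also a common SOCKS proxy port) stays below the threshold.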


  2. #2
    thehorse13 (Master-Jedi-Pimps0r & Moderator)
    Join Date
    Dec 2002
    Washington D.C. area
    From the Trojan Horse mailing list...

    Confused about the name of this one... so is everyone it appears...

    * TrendMicro is calling this one DeadHat.A and DoomJuice
    * McAfee has created a separate DoomJuice and DeadHat listing
    * Symantec also now has a separate DoomJuice and DeadHat listing
    * Computer Associates also has a DoomJuice and a DeadHat listing

    They (the media) now think MyDoom.C/DoomJuice and Vesser/DeadHat are the same thing but they are totally different worms that use MyDoom.A/B to spread. Vesser is NOT in the wild.