The Doomjuice worm drops MyDoom's source code on the user's hard drive

Sophos virus experts have an interesting theory on a peculiar
payload of the W32/Doomjuice-A worm.
The Doomjuice worm drops a copy of the source code of the prevalent
W32/MyDoom-A worm onto infected computers, possibly in an attempt to
make it more difficult to convict the true author.
The Doomjuice worm drops a compressed copy of MyDoom's C source
code into a number of directories on the infected user's PC.
Detectives investigating the authorship of the MyDoom worm would
normally treat discovery of the source code on a computer as a
"There is already a $500,000 reward for information leading to
the conviction of MyDoom's author," said Graham Cluley, senior
technology consultant for Sophos. "If he has spread his code around
the net onto innocent computers in an attempt to hide in the crowd,
then he's more sneaky than the average virus writer."
"The other possibility is that MyDoom's author is spreading the
code to encourage others to write copy-cat viruses which try and
mimic MyDoom's global spread. The need for sensible security
policies and multi-tier virus protection has never been greater,"
The Doomjuice worm attempts to launch a distributed denial of
service attack against Microsoft's website: www.microsoft.com