Virus experts at Sophos have warned of a new worm called
W32/Doomjuice-A,
which travels via the internet looking to attack computers which
are infected with the widespread W32/MyDoom-A worm. Unlike
MyDoom, the Doomjuice worm does not travel by email.
As part of its infection process, MyDoom opened a backdoor onto
the compromised machine, which virus experts warned could be used
to upload or download files.
Doomjuice is using computers it has managed to infect (known as
"zombies") to launch a distributed denial of service attack against
Microsoft in an effort to bring down their website,
www.microsoft.com. Sophos researchers believe that Doomjuice and
MyDoom are likely to have been written by the same author.
"Doomjuice is yet another example that viruses do not only
spread via email," explained Graham Cluley, senior technology
consultant at Sophos. "By taking advantage of the backdoor left
open by MyDoom, Doomjuice is just one example of what a virus
writer can do when computer security is not maintained. It is a
good idea to run anti-virus software both at email gateways and on
users' desktops."
"Being a good member of the internet community, means ensuring
that your computer is not part of the problem. Computers which are
not properly protected from hacker and virus attacks contribute to
the problem - in this case, a serious attempt to blast Microsoft's
website off the internet," continued Cluley.
Sophos recommends that users ensure that their anti-virus is up
to date and that they have a firewall in place to prevent access
from potentially infected non-trusted networks.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.