Doomjuice worm shows that viruses don't just spread by email, says Sophos

February 10, 2004 Sophos Press Release

Virus experts at Sophos have warned of a new worm called W32/Doomjuice-A, which travels via the internet looking to attack computers which are infected with the widespread W32/MyDoom-A worm. Unlike MyDoom, the Doomjuice worm does not travel by email.

As part of its infection process, MyDoom opened a backdoor onto the compromised machine, which virus experts warned could be used to upload or download files.

Doomjuice is using computers it has managed to infect (known as "zombies") to launch a distributed denial of service attack against Microsoft in an effort to bring down their website, www.microsoft.com. Sophos researchers believe that Doomjuice and MyDoom are likely to have been written by the same author.

"Doomjuice is yet another example that viruses do not only spread via email," explained Graham Cluley, senior technology consultant at Sophos. "By taking advantage of the backdoor left open by MyDoom, Doomjuice is just one example of what a virus writer can do when computer security is not maintained. It is a good idea to run anti-virus software both at email gateways and on users' desktops."

"Being a good member of the internet community means ensuring that your computer is not part of the problem. Computers which are not properly protected from hacker and virus attacks contribute to the problem - in this case, a serious attempt to blast Microsoft's website off the internet," continued Cluley.

Sophos recommends that users ensure that their anti-virus is up to date and that they have a firewall in place to prevent access from potentially infected non-trusted networks.