W32/Doomjuice-A


Marianna
February 9th, 2004, 03:53 PM
Aliases
W32/Doomjuice.worm.a, W32.HLLW.Doomjuice, WORM_DOOMJUICE.A, Win32.Doomjuice.A, Worm.Win32.Doomjuice

Type
Win32 worm

Description
W32/Doomjuice-A is a worm which spreads by exploiting a backdoor installed by W32/MyDoom-A.
The worm creates a copy of itself named intrenat.exe in the Windows system folder and creates the following registry entry to ensure that the copy is run when Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin = <Windows system folder>\intrenat.exe

The worm also creates a file named sync-src-1.00.tbz in the root, Windows, Windows system and user profile folders. Sync-src-1.00.tbz is a compressed archive containing source code of W32/MyDoom-A.

W32/Doomjuice-A will contact computers infected with W32/MyDoom-A by attempting to connect to port 3127 of randomly chosen IP addresses. If the worm contacts a computer infected with W32/MyDoom-A, a copy of W32/Doomjuice-A will be transferred to the computer and executed.

On 9th February and any date thereafter the worm will wait for between 2 and 6 minutes and then attempt a distributed denial of service (DDoS) attack against www.microsoft.com.


http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html
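
Network-side detection of the scanning behaviour described in the post above, as an added example that is not part of the original post or the Sophos analysis: it flags sources that contact many distinct hosts on TCP port 3127 within a short window. The log format, thresholds and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

BACKDOOR_PORT = 3127  # MyDoom-A backdoor port named in the description above

# Constructed log format (an assumption): <epoch> <src> <dst> <dst port> <action>
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\w+)$")
# Constructed sample data; addresses are from documentation/private ranges.
SAMPLE_LOG = """\
1076300000 10.0.0.5 198.51.100.17 3127 DENY
1076300004 10.0.0.5 203.0.113.80 3127 DENY
1076300009 10.0.0.5 192.0.2.44 3127 DENY
1076300015 10.0.0.5 198.51.100.201 3127 DENY
1076300021 10.0.0.5 203.0.113.9 3127 DENY
1076300026 10.0.0.5 192.0.2.130 3127 DENY
1076300030 10.0.0.9 192.0.2.10 3127 ALLOW
1076300031 10.0.0.9 192.0.2.10 3127 ALLOW
1076300040 10.0.0.7 198.51.100.1 80 ALLOW
1076300100 10.0.0.8 192.0.2.1 3127 DENY
1076300400 10.0.0.8 192.0.2.2 3127 DENY
1076300700 10.0.0.8 192.0.2.3 3127 DENY
truncated line
""".splitlines()

def find_port_3127_scanners(lines, min_targets=5, window=60):
    """Map each source IP to the largest number of distinct hosts it contacted
    on TCP 3127 within any `window` seconds, keeping those >= min_targets."""
    events = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port, _action = m.groups()
        if int(port) == BACKDOOR_PORT:
            events[src].append((int(ts), dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window's left edge forward
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_port_3127_scanners(SAMPLE_LOG))
```

A single host that repeatedly contacts one peer on 3127, or that touches a few hosts spread over many minutes, stays below the default threshold; tune `min_targets` and `window` to the log source.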

NanDog
February 10th, 2004, 12:18 AM
Yeah, you can also check out the thread over at DSLR:

http://www.dslreports.com/forum/remark,9338638~mode=flat

Not really sure who "Steve in Tijuana" is or how he's linked to Doomjuice. But it kinda sounds like a Ludlum novel, doesn't it?






Added URL tags - Pieter

Marianna
February 10th, 2004, 02:04 AM
Hi NanDog,

I just found the thread in DSLR - hmmm..... your link brought me to:

not an active or available forum (1,remark)
;D

Maybe this link works better?? http://www.dslreports.com/forum/remark,9338638~mode=flat

The Golden Horseshoe; ask for Ed Bohannon ??? ???

:o 8)

NanDog
February 10th, 2004, 11:02 PM
Marianna wrote:
> The Golden Horseshoe; ask for Ed Bohannon ??? ???

Well....my link worked for me. But more important, I got a pm from one of the participants in those cryptic posts. Seems you and I both need to read less Robert Ludlum and more Dashiell Hammett!
;)

Marianna
February 11th, 2004, 01:26 AM
"Reading a Ludlum novel is like watching a James Bond film ... slickly paced ... all-consuming."

"Don't ever begin a Ludlum novel if you have to go to work the next day."

NanDog
February 13th, 2004, 12:25 AM
Marianna wrote:
> "Don't ever begin a Ludlum novel if you have to go to work the next day."

Yup, been there and done that! :)