W32/Doomjuice-A

Aliases
W32/Doomjuice.worm.a, W32.HLLW.Doomjuice, WORM_DOOMJUICE.A, Win32.Doomjuice.A, Worm.Win32.Doomjuice

Type
Win32 worm

Description
W32/Doomjuice-A is a worm which spreads by exploiting a backdoor installed by W32/MyDoom-A.
The worm creates a copy of itself named intrenat.exe in the Windows system folder and creates the following registry entry to ensure that the copy is run when Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin
= <Windows system folder>\intrenat.exe

The worm also creates a file named sync-src-1.00.tbz in the root, Windows, Windows system and user profile folders. Sync-src-1.00.tbz is a compressed archive containing source code of W32/MyDoom-A.

W32/Doomjuice-A will contact computers infected with W32/MyDoom-A by attempting to connect to port 3127 of randomly chosen IP addresses. If the worm contacts a computer infected with W32/MyDoom-A a copy of W32/Doomjuice-A will be transfered to the computer and executed.

On 9th February and any date thereafter the worm will wait for between 2 and 6 minutes and then attempt a distributed denial of service (DDoS) attack against www.microsoft.com.


http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html

 

Yeah, you can also check out the thread over at DSLR:

http://www.dslreports.com/forum/remark,9338638~mode=flat

Not really sure who "Steve in Tijuana" is or how he's linked to Doomjuice. But it kinda sounds like a Ludlum novel, doesn't it?






Added URL tags - Pieter

 

Hi NanDog,

I just found the thread in DSLR - hmmm..... your link brought me to:

not an active or available forum (1,remark)


Maybe this link works better?? http://www.dslreports.com/forum/remark,9338638~mode=flat

The Golden Horseshoe; ask for Ed Bohannon

 

Well....my link worked for me. But more important, I got a pm from one of the participants in those cryptic posts. Seems you and I both need to read less Robert Ludlum and more Dashiell Hammett!

 

"Reading a Ludlum novel is like watching a James Bond film ... slickly paced ... all-consuming."

"Don't ever begin a Ludlum novel if you have to go to work the next day."

 

Yup, been there and done that!