'Doomjuice' worm emerges, targets Microsoft
|WHAT IS A WORM?|
A program that makes copies of itself -- for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism.
|WARD OFF WORMS|
Aside from installing anti-virus software, Symantec suggests these tips to guard against computer worms:
Don't open e-mail from an unknown source.
Only open expected e-mail attachments.
Don't automatically open e-mail attachments.
Don't download programs from Web sites, unless you know and trust the source.
Update your anti-virus software at least every two weeks.
SEATTLE, Washington (Reuters) -- A new worm dubbed "Doomjuice" targeting Microsoft Corp.'s Web site emerged on the Internet on Monday, which security experts said slowed parts of the software maker's home page.
Doomjuice, which some are describing as a variant of the MyDoom worm, spreads via e-mail systems already infected with the first version, which became the fastest-spreading virus ever when it was unleashed on the Internet at the end of January.
"It's only looking for machines that are compromised by MyDoom A or B," said Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc. He said it was not spreading as rapidly as the initial MyDoom worms.
Because Doomjuice spreads directly between infected computers, rather than via e-mail, experts said that it would not be accurate to call it a variant of MyDoom, which accounted for as many as one in five e-mails at its peak in late January.
But some computer security companies and Microsoft have taken to describing Doomjuice as a variant of MyDoom, naming it "MyDoom.C."
The MyDoom worm, as well as its variant MyDoom.B, were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms then instructed infected PCs to flood the Web sites of the SCO Group Inc. and Microsoft in an effort to shut them down.
Doomjuice, which experts said was most likely created by the same author as MyDoom, is designed to flood Microsoft's web site for request for data in an effort to bring it down, an attack known as a distributed denial of service.
Redmond, Washington-based Microsoft said that "all Microsoft.com web properties are stable and available to customers."
Security experts noted, however, that Microsoft's Web site was slower and was intermittently unavailable over the weekend.
The Web site of SCO, a small software maker based in Utah, has been shut down for more than a week after being hit by MyDoom. SCO has drawn the ire of advocates of Linux, the freely available operating system, for claiming to own the copyright on some parts of Linux and demanding licensing fees from users.
Microsoft.com remained up and running on Monday while sco.com remained offline.
The companies have also set up alternate Web sites at https://information.microsoft.com and http://www.thescogroup.com and are each offering a $250,000 bounty for information leading to the capture of MyDoom's author.
Copyright 2004 Reuters
. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.