Doomjuice Worm Aims at Microsoft
(Wired) SEATTLE — A new worm dubbed “Doomjuice” that targets Microsoft’s website emerged on the Internet on Monday, and security experts said it slowed parts of the software maker’s home page. Doomjuice, which some are describing as a variant of the MyDoom worm, spreads through e-mail systems already infected with the first version, which became the fastest-spreading virus ever when it was unleashed on the Internet at the end of January.
“It’s only looking for machines that are compromised by MyDoom A or B,” said Vincent Gullotto, vice president of the antivirus emergency response team at Network Associates. He said it was not spreading as rapidly as the initial MyDoom worms.
Because Doomjuice spreads directly between infected computers, rather than via e-mail, experts said that it would not be accurate to call it a variant of MyDoom, which accounted for as many as one in five e-mails at its peak in late January.
But some computer security companies and Microsoft have taken to describing Doomjuice as a variant of MyDoom, naming it “MyDoom.C.”
The MyDoom worm and its variant MyDoom.B were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms then instructed infected PCs to flood the websites of the SCO Group and Microsoft in an effort to shut them down.
Doomjuice, which experts said was most likely created by the same author as MyDoom, is designed to flood Microsoft’s website with requests for data in an effort to bring it down, an attack known as a distributed denial of service.
Redmond, Washington-based Microsoft said that “all Microsoft.com Web properties are stable and available to customers.”
Security experts noted, however, that Microsoft’s website was slower and was intermittently unavailable over the weekend.
The website of SCO, a small software maker based in Utah, has been shut down for more than a week after being hit by MyDoom. SCO has drawn the ire of advocates of Linux, the freely available operating system, for claiming to own the copyright on some parts of Linux and demanding licensing fees from users.
Microsoft’s website remained up and running on Monday while SCO’s site remained offline.
The companies have also set up alternate websites at information.microsoft.com and thescogroup.com and are each offering a $250,000 bounty for information leading to the capture of MyDoom’s author.