What's your take on Mydoom.M, the latest worm making the rounds?
It's a really interesting technique remembering how big Mydoom.A was in January. It was the single largest e-mail outbreak in history. Mydoom made headlines then because it was attacking SCO.com and then later on Mydoom.C was attacking Microsoft.com.
What's happening here [with Mydoom.M] is that the attack that made headlines with Google going down wasn't really an attack on Google. It was just using Google to harvest more e-mail addresses. But what Mydoom.M left behind was a back door. We've seen this already with Mydoom.A, which left a back door and several days later its authors scanned public addresses looking for Mydoom.A-infected computers and then installed a spam proxy Trojan called Mitglieder. What seems to be the case with this new Mydoom is that instead of dropping in a spam Trojan they've dropped in a [Distributed Denial-of-Service] client aimed at overloading Microsoft.com's front page, though it hasn't been too successful.
Do you have any idea who is behind it?
I think it is the same people not only behind the other Mydooms, but also behind Bagle. Possibly even behind SoBig and others. I don't have any concrete evidence on where these guys are operating from, though there are some indications they have come from Russia and are living in central Europe. I think it is more than one guy and that they are organized.
The link for this article located at nwfusion.com is no longer available.