N
net1
Guest
Computer security experts are warning of a new worm known as Doomjuice which is expected to attack computers infected by Mydoom.
The virus, first detected by Finnish company F-Secure on Monday night, has so far infected at least 30,000 computers worldwide since Sunday.
Company director Mikko Hypponen said that like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world.
"Unlike Mydoom, it does not spread via e-mail. It comes through a backdoor left open by Mydoom," Hypponen said.
"People won't even realise their computers are being attacked, and then they'll have both Mydoom and Doomjuice in their computers."
Doomjuice drops the original source code of the Mydoom.A worm in an archive to folders on infected computers.
"This proves to us that Doomjuice and Mydoom.A are written by the same people," Hypponen said. "The source code of Mydoom.A has not been seen circulating in the underground before."
Last month, Microsoft promised £140,000 to anyone who helps find and prosecute the author of the fast-spreading Mydoom virus.
F-Secure, a Helsinki-based company, was one of the first to warn of the dangers of the e-mail Mydoom worm, also known as Novarg.
Doomjuice's ability to spread is limited because it will only attack computers infected by Mydoom, Hypponen said. "And lots of them are being cleaned up already at a quick rate."
The virus, first detected by Finnish company F-Secure on Monday night, has so far infected at least 30,000 computers worldwide since Sunday.
Company director Mikko Hypponen said that like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world.
"Unlike Mydoom, it does not spread via e-mail. It comes through a backdoor left open by Mydoom," Hypponen said.
"People won't even realise their computers are being attacked, and then they'll have both Mydoom and Doomjuice in their computers."
Doomjuice drops the original source code of the Mydoom.A worm in an archive to folders on infected computers.
"This proves to us that Doomjuice and Mydoom.A are written by the same people," Hypponen said. "The source code of Mydoom.A has not been seen circulating in the underground before."
Last month, Microsoft promised £140,000 to anyone who helps find and prosecute the author of the fast-spreading Mydoom virus.
F-Secure, a Helsinki-based company, was one of the first to warn of the dangers of the e-mail Mydoom worm, also known as Novarg.
Doomjuice's ability to spread is limited because it will only attack computers infected by Mydoom, Hypponen said. "And lots of them are being cleaned up already at a quick rate."