Now tagged by at least one security firm as "the worst
worm in history," Mydoom has created a back door to infected
systems that an army of hackers is quickly turning to its
advantage.
Mydoom creates a backdoor to infected systems by opening
numerous ports, which can then be used by attackers to secretly
install malicious code, including key loggers or Trojan horses.
That malicious code could also allow access to the machine's
hard drive, or make it perform other nefarious chores, such
as spamming or conducting additional DoS attacks.
To compound the problem, Mydoom.b, a copycat worm unleashed
Wednesday, also scans for the original worm's open ports,
said Chien, and when it finds an infected system, copies itself
over the original to 'upgrade' that machine.
To protect networks and computers, security firms have recommended
blocking TCP ports 3127 through 3198 at the firewall.
Machines infected with the Mydoom worm can be cleansed by
following a set of instructions on the Microsoft security
Web site, or by downloading one of the many removal tools
posted on the Internet. Symantec, for example, offers such
a tool, while Computer Associates provides something similar.
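
A host-side check to go with the firewall recommendation above, as an added example that is not part of the original article: it parses `netstat -an` style output and reports TCP listeners in the 3127 through 3198 range. The sample output and the function name are constructed for illustration.

```python
# Port range the article says security firms recommend blocking.
BACKDOOR_PORTS = range(3127, 3199)  # 3127 through 3198 inclusive

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
TCP    192.168.1.20:3130      203.0.113.9:4411       ESTABLISHED
TCP    [::]:3198              [::]:0                 LISTENING
TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
UDP    0.0.0.0:3127           *:*
"""


def find_backdoor_listeners(netstat_text):
    """Return (address, port) for TCP sockets listening in BACKDOOR_PORTS.

    Only listeners are reported: an ESTABLISHED socket with a local port in
    the range may simply be an outbound connection that was assigned that
    ephemeral port. A hit is a lead to investigate, not proof of infection.
    """
    hits = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or not tokens[0].lower().startswith("tcp"):
            continue  # header, UDP, or blank line
        # Windows prints LISTENING, Linux prints LISTEN.
        if not tokens[-1].upper().startswith("LISTEN"):
            continue
        # First token containing ':' is the local endpoint; this skips the
        # Recv-Q/Send-Q columns that Linux netstat adds.
        endpoints = [t for t in tokens[1:] if ":" in t]
        if not endpoints:
            continue
        address, _, port = endpoints[0].rpartition(":")
        if port.isdigit() and int(port) in BACKDOOR_PORTS:
            hits.append((address, int(port)))
    return hits


if __name__ == "__main__":
    for address, port in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on {address}:{port} is in the blocked range")
```
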