Posted on 01/28/2004 3:58:52 PM PST by Leroy S. Mort
Edited on 04/13/2004 2:59:00 AM PDT by Jim Robinson.
Russian anti-virus specialist Kaspersky Labs has identified a variant of MyDoom, the worm that has been spreading through the Internet at a furious pace since Monday.
The variant, which Kaspersky has labelled MyDoom.b, has a slightly larger payload compared with MyDoom.a and targets Microsoft Corp. for a denial-of-service attack to be launched starting on Feb. 1, instead of The SCO Group Inc. The worm features minor modifications to the text of the e-mail that carries it, but is otherwise identical to the original.
(Excerpt) Read more at eweek.com ...
http://www.freerepublic.com/focus/f-news/1065831/posts?page=670#670
Buried in its programming code -- and only readable after it has been decrypted -- was also the message "Andy; I'm just doing my job, nothing personal, sorry" from the creator, Hyppoenen said.
Why is the perpetrator of this worm blocking banner ad sites, along with anti-virus sites and Microsoft (particularly Windows update)?
Probably because those entries were already in the creator's host file. It is a common ad-blocking technique.
While testing the exploit, he listed all of those sites in his own host file. When he entered hosts into the list in the worm, he just grabbed the contents of his host file, thus adding in the addresses that were previously in there.
An interesting theory, and plausible. Thanks!
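Added example, not part of the thread and not taken from the worm: a hosts-file audit that separates the kinds of entries discussed above, listing every hostname pointed at a loopback or null address and labelling those that belong to security-vendor or OS-update domains. The watch-list suffixes and the sample file are constructed placeholders (assumptions), not the worm's actual list.

```python
import ipaddress

# Assumed watch-list of domain suffixes (placeholders, not the worm's list).
WATCHED = {
    "security-vendor": ("example-av.test",),
    "os-update": ("update.example-os.test",),
}

# Constructed sample hosts file mixing ad-block and tampering-style entries.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.example-banner.test      # typical ad-block entry
0.0.0.0     www.example-av.test
0.0.0.0     update.example-os.test download.example-av.test
10.1.2.3    intranet.example.test
"""

def is_sinkhole(addr):
    """True if addr is a loopback or unspecified (0.0.0.0 / ::) address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def classify(host):
    """Return the watch-list label for host, or 'other' (e.g. ad servers)."""
    host = host.lower().rstrip(".")
    for label, suffixes in WATCHED.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return label
    return "other"

def audit_hosts(text):
    """Yield-style list of (line number, hostname, label) for sinkholed names."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for host in fields[1:]:                 # one line may carry aliases
            if host.lower() not in ("localhost", "localhost.localdomain"):
                findings.append((lineno, host, classify(host)))
    return findings

if __name__ == "__main__":
    for lineno, host, label in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {label}")
```

Entries labelled "other" are consistent with ordinary ad-blocking; a sinkholed security-vendor or update hostname is the part worth investigating on a machine whose owner did not add it.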