Zindos worm relies on its pal MyDoom

The Zindos worm, which has launched a DDoS attack on Microsoft.com, seems to be written by the author of the MyDoom worm, as they share some intimate secrets. The latest variant of the MyDoom worm appears to form the first part of a two-pronged attack by preparing the path for a new type of worm that, in this case, is designed to assault Microsoft.com.

MyDoom first appeared in January 2004 and overnight became the worst worm ever. Within a month, different variants of the worm had knocked SCO's Web site offline and launched an attack on the Microsoft.com Web site.

More than a dozen variants later, the MyDoom authors seem to have a new strategy. This week, the MyDoom worm infected as many machines as possible and sent information about the infected systems back to the worm's author. Within hours, the Zindos worm was sent to those machines already infected by MyDoom to open a secret back door and kick off a DDoS attack on Microsoft's Web site.

Katrin Tocheva, team manager of antivirus systems at F-Secure, said that she is almost certain that MyDoom and Zindos were written by the same programmer because they worked together so well.

"MyDoom prepared the way by infecting a large number of systems and creating a list of compromised systems. Zindos then uses this list and the back doors prepared by MyDoom to quickly spread and hit its target," said Tocheva.

Graham Cluley, senior technology consultant for Sophos, agrees that the two worms seem too similar to have been written independently.