
Viruses & Malware

Worm turns on Japanese Windows

posted on February 14, 2004
by hitbsecnews

A new variant of the Nachi worm has emerged that is apparently sending a political message to computers running Japanese versions of Windows.

Nachi.B, discovered on Wednesday, has attacked only a small number of computers so far and is less troublesome than its predecessor. But unlike the earlier Nachi worm, which took down computer networks, this version seems politically motivated, security experts said on Thursday.

Do you believe in DJ virus

posted on February 13, 2004
by hitbsecnews

A new virus has been discovered that pays tribute to dance DJ Marco V.

Order.A drops the lyrics from the song "Godd" by Marco V to the hard drive in a file called Chaos.txt, signing it Xevion. Xevion is not unknown in the virus world. Graham Cluley, senior technology consultant for Sophos, said: 'We believe he is an active member of the computer underground, and may have written other viruses. There is no concrete information about his land of origin however.'

Nachi variant wipes MyDoom from PCs

posted on February 13, 2004
by hitbsecnews

A new variant of the Nachi worm which attempts to cleanse computers infected by MyDoom and download Microsoft security patches to unprotected computers has careened onto the Net this morning.

Nachi-B (AKA Welchi) uses the same security vulnerability exploited by the Blaster worm to spread. Once it infects target machines the worm attempts to search and destroy any remnants of MyDoom infection - before downloading patches for the Microsoft vulnerability it used to infect the system in the first place.

Piggyback virus strikes

posted on February 12, 2004
by hitbsecnews

THE outlook for computer users got even more gloomy yesterday with the release of a new MyDoom virus.

But unlike its record-setting predecessors, which spread via e-mail, Doomjuice automatically scans the Internet and infects computers without help from users.

Computer Associates Australia senior security consultant Daniel Zatz said Doomjuice could infect any computer already infected with the first MyDoom virus.

Mr Zatz said MyDoom.A opened a port on infected computers, which allowed Doomjuice to enter.

MyDoom delivers second payload

posted on February 11, 2004
by hitbsecnews

Systems infected with MyDoom.A over the past month are being hit by new malware via the backdoor, as the worm delivers its second payload.
The new code, named Doomjuice, instructs infected machines to launch a distributed denial of service attack (DDoS) against Microsoft.

The move is an attempt to harness infected systems with compatible code, and suggests that it comes from the same authors.

"This proves to us that this and Mydoom.A are written by the same people," said Mikko Hypponen, director of antivirus research at F-Secure.

'Doomjuice' worm emerges, targets Microsoft

posted on February 10, 2004
by hitbsecnews

A new worm dubbed "Doomjuice" targeting Microsoft Corp.'s Web site emerged on the Internet on Monday, which security experts said slowed parts of the software maker's home page.

Doomjuice, which some are describing as a variant of the MyDoom worm, spreads via e-mail systems already infected with the first version, which became the fastest-spreading virus ever when it was unleashed on the Internet at the end of January.

Mydoom variants discovered in the wild - MyDoom.C aka SyncZ

posted on February 10, 2004
by hitbsecnews

Yet another Mydoom variant has been found in the wild, according to an alert sent out by iDefense Inc. this morning.
Known as Mydoom.C or SyncZ, the malicious code appears to be scanning the Internet for systems already infected by the original Mydoom. When finding a vulnerable machine, it uploads itself via TCP Port 3127, and creates a copy of itself in the Windows System directory as "intrenat.exe" as well as several other files in various Windows directories.

MyDoom a taste of viruses to come, says security analyst

posted on February 7, 2004
by hitbsecnews

E-mail viruses like MyDoom will be the weapon of choice for future corporate and political Web site attacks, with one worm able to threaten thousands of big sites at once, a top computer security official said on Tuesday.

Hundreds of thousands of computers have already been infected by the fast-spreading MyDoom worm, which has toppled the Web site of US SCO Group and now has software leader Microsoft in its crosshairs.

Mydoom virus starts to fizzle out

posted on February 5, 2004
by hitbsecnews

Slowly but surely the Mydoom virus is dying out.
Figures from mail filtering firm MessageLabs show that the number of copies of the virus being caught every day is swiftly diminishing.

The peak day of infection was 28 January when 4.5m copies of the malicious program were caught.

But only 300,000 copies of the virus were caught on 3 February as people clean up compromised machines and stop them spewing out infected messages.

Mimail mutant maximises Mydoom misery

posted on January 31, 2004
by hitbsecnews

The devastation created by the Mydoom virus, which is still spreading, has been compounded by the detection of a previously unknown mutant of the Mimail virus.
One in every five emails currently transmitted is thought to be carrying Mydoom, with four million infected emails thought to be in circulation.

Internet security firm Panda Software said that variant 'S' of Mimail (W32/Mimail.S.worm) is very similar to its prolific predecessors and could not have arrived at a worse time.