Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
The Mydoom-M virus which was responsible for the on again off again problems for Google, Yahoo, Lycos and Altavista by using them to find email and domain addresses, was aparently the first part of a staged attack against microsoft.
Mydoom M left a back door which is rapidly being exploited by a secondary worm, named Zindos A, whose purpose is to launch a disdributed denial of service against microsoft.com
So, MS, one of the big "search" winners as a result of the temporary problems suffered by Google et al on Monday, is set to take an even bigger hit as a result.
I don't know if it's poetic justice , or what.
What I believe is that this is one of the most deeply thopught out DDOS attacks ever created.
Also, the reason a lot of people have MS Windows is because people not in the know buy their PC from companies like PCWorld who automatically throw Windows onto the machines, coz its easier. Hence the amount of people out there with windows. Might I mention gamers...they aint gonna go out n install Linux either coz no bugger writes games for it.
Basically what I am trying to say is: windows sucks......
Windows = Costs money and doesnt do what it should.
Linux = Costs bugger all and is safe as houses.
'nuff said, and im out.
Love n kisses
But to get back on topic, I wonder what the next variation of this virus will target and if it will have a revenue stream built into it?
joined:Apr 13, 2001
Virus guys come up with some great trickery. I only wish they'd devote that skill to improving the computing experience.
Was this a related or seperate attack:
Actually, not related.
This one didn't use any server vulnerabilities. It simply used the initial virus to infect and create backdoors in as many PCs as possible, as quickly as possible, by scanning not only that PC for e-mail addresses (an old trick), but by also using that PC to launch search queries on Google, Yahoo, and other search engines, looking for more domain names and e-mail addresses.
It also sent off a "report" saying "this PC is infected", and left a list of other PCs infected on the machine, so that the secondary worm could come along and rapidly migrate across a wide range of boxes with a vulnerability built in.
The second worm is the one that launches the DDOS against microsoft.
It's a very complicated strategy for a virus/worm denial of service attack. Someone put a lot of time, thought, and effort into this.
In MS's favor: I've checked their site a couple of times today, and their servers are responding just fine. I'm guessing there's a horde of server admins sitting glued to their keyboards right now in Redmond.
As for linux, there are vulnerabilities that you can exploiit, you just can't do all that much with them. There are also enough differences that you just can't assume that what your virus wants to use will be where it needs to be for them to use it.
On Unix-type systems, methods for temporarily elevating priveleges (su/sudo) are used by the GUIs, so when you are installing the OS they make you create a regular account, and later just ask for the root password when you want to do something that a regular user can't do, like install software or modify system-wide settings. Mac OS X and some graphical desktops (like KDE and Gnome) for other *nix OSes use this system, and it works quite well.
From a quick read of the URLs cited, this virus combo *doesn't* use Google to attack Microsoft. That would imply somehow compromising Google. The malicious code here just *searches* Google, and uses the results from those searches as part of the attack.
Google IS used as a part of the attack. Look at the description of MyDoom M [f-secure.com].
The purpose of the spread of Mydoom M was to provide a large number of willing zombies for Zindos to come along and exploit for it's attack on microsoft.com
The way they work hand in hand, and came out in such rapid sequence, is highly suggestive they were created by the same author/team. If the first used Google (and the other SEs) to aid in its propogation, then the SE's are a part of the methodology of the attack on microsoft dot com, which is the end result the attacker was trying to achieve.
There is no lapse in the logical sequence.
I did not mean to imply that Google was infected. But Google doesn't need to be infected to be a part of the attack. It simple has to exist as a valuable search tool.
[edited by: grelmar at 2:23 am (utc) on July 29, 2004]
It could be argued it is based on BSD which is a different operating system than Linux using a different kernel.
"Nothing is as terrible to see as ignorance in action."