Panda Security
VIRUS ALERT
February 11, 2004
HIGH

Panda Software reports the new B variant of Doomjuice

• Although similar to its predecessor, this worm seems to have been modified to make its distributed denial of service attack against Microsoft’s website more effective
• It uses the backdoor created by the Mydoom worms in order to spread

Glendale, CA - February 11 2004 - PandaLabs has detected the appearance of the B variant of Doomjuice (W32/Doomjuice.B.worm), which would appear to indicate that the author (or authors) of Mydoom have decided to ensure that users don’t forget about their creations too quickly.

Doomjuice.B is similar to its predecessor with the exception of its size, packaging and the fact that it doesn’t drop any file with Mydoom.A’s source code on the infected computer. However, like Doomjuice.A, this new variant uses the backdoor created by Mydoom.A and Mydoom.B on infected computers. To do this, it searches IP addresses looking for computers with communication port 3127 unprotected (the port affected by the backdoor).

Doomjuice.B has also been designed to launch a distributed denial of service (DDoS) attack against Microsoft’s website. However, in the case of this variant, the author seems to have improved the worm’s code to make this attack more effective.

Doomjuice.B creates a copy of itself on the computer under the name regedit.exe, and creates a new entry in the Windows registry to ensure it is run every time the system is started up.

Due to the appearance of Doomjuice.B, Panda Software advises all users to be on the lookout and update their antivirus solutions as soon as possible. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Doomjuice.B. For those whose solutions don’t update automatically, the updates are available at http://www.pandasoftware.com.

Similarly, users can also detect and disinfect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is also available on the company’s website at http://www.pandasoftware.com/activescan.

More information on Doomjuice.B, Doomjuice.A, Mydoom.A.worm and Mydoom.B.worm is available from Panda Software’s Virus Encyclopedia.

About PandaLabs

On receiving a possibly infected file, Panda Software's technical staff gets right to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information:
Alan Wallace
[email protected]
Tel. (818) 543-6909
Cell (650) 678-4719

Original source: panda-us-virusalert-2004-02-11-doomjuice-b-eng.doc