New MyDoom Variant Spreading

Doomjuice, which some are describing as a variant of the MyDoom worm, spreads via e-mail systems already infected with the first version, which became the fastest-spreading virus ever when it was unleashed on the Internet at the end of January.

“It’s only looking for machines that are compromised by MyDoom A or B,” said Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc. He said it was not spreading as rapidly as the initial MyDoom worms.

Because Doomjuice spreads directly between infected computers, rather than via e-mail, experts said that it would not be accurate to call it a variant of MyDoom, which accounted for as many as one in five e-mails at its peak in late January.

But some computer security companies and Microsoft have taken to describing Doomjuice as a variant of MyDoom, naming it “MyDoom.C.”

The MyDoom worm and its variant MyDoom.B were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms then instructed infected PCs to flood the Web sites of the SCO Group Inc. and Microsoft in an effort to shut them down.

Doomjuice, which experts said was most likely created by the same author as MyDoom, is designed to flood Microsoft’s Web site with requests for data in an effort to bring it down, an attack known as a distributed denial of service.

Redmond, Washington-based Microsoft said that “all web properties are stable and available to customers.”

Security experts noted, however, that Microsoft’s Web site was slower and was intermittently unavailable over the weekend.

The Web site of SCO, a small software maker based in Utah, has been shut down for more than a week after being hit by MyDoom. SCO has drawn the ire of advocates of Linux, the freely available operating system, for claiming to own the copyright on some parts of Linux and demanding licensing fees from users.

Microsoft’s Web site remained up and running on Monday while remained offline.

The companies have also set up alternate Web sites at and and are each offering a $250,000 bounty for information leading to the capture of MyDoom’s author.

Source: Reuters