New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 23)
· Marcia's (CO8)
· Bill G's (CO11)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 990
Comments: 20
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
image CyberCrime: Beware!: New Attack Follows Mydoom image
CyberCrime

New Attack Follows Mydoom




Malware program installs itself on infected PCs.

Macworld.co.uk staff, Macworld.co.uk
Wednesday, February 11, 2004

A new attack against Mydoom-infected machines has been identified by security specialists Mi2g.

This attack has been designed to make money and definitely appears to be the handiwork of organized crime, mi2g warns.

A new malware called Deadhat has appeared. Mydoom-A and Mydoom-B-infected machines are being colonized by Deadhat, which has some sinister cryptographic features, the analysts warn. Deadhat is coming ever closer to a Distributed Intelligent Malware Agent.

On the face of it, Deadhat appears to be relatively useless but it has a darker side: it is the type of distributed intelligent malware agent with crypto control that has been conceived for the perfect colonization of Mydoom-infected machines.


Spreading Itself
Deadhat does not spread through e-mail. Instead, it actively seeks to install itself through the backdoor opened by Mydoom-A and Mydoom-B infected machines by searching for their tell-tale open ports.

When it takes control of the infected machines it removes all traces of Mydoom and copies itself to the SoulSeek file-sharing system (if installed). In the process, the open ports of Mydoom are closed and Deadhat then opens a new TCP port and awaits further instructions which must be authenticated with a cryptographic key. If the authentication is successful, the backdoor accepts a file for upload and execution.

Deadhat's Internet Relay Chat component connects to a predetermined IRC server and listens on a specific channel for further commands. The backdoor supports different commands to download and execute specific programs on infected computers.

Mi2g executive chairman DK Matai warns: After Deadhat has proliferated, the large army of Mydoom zombies will surrender control to Deadhat's perpetrators and nobody else.

Post-Deadhat, any Web site could be held to ransom or infected machines could be used for spam campaigns and phishing scams without the owners' knowledge.

More at PCWorld
Posted on Thursday, 12 February 2004 @ 11:31:00 EST by phoenix22
image

 
Login
Nickname

Password
· New User? ·
Click here to create a registered account.
image
Related Links
· TrackBack (0)
· Intel
· HotScripts
· W3 Consortium
· Spam Cop
· More about CyberCrime
· News by phoenix22
Most read story about CyberCrime:
Police to Launch International Cyber Child Porn Sting

image
Article Rating
Average Score: 5
Votes: 2

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent

image
Options

Printer Friendly Page  Printer Friendly Page
image
"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 485 pages served in previous 5 minutes. Page Rendered: 0.246 seconds.