Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hackers Target Systems Infected By 'Mydoom': Page 2 of 5

In just three days, said F-Secure, Mydoom blew past Sobig to become the worst worm in virus history.

The widespread distribution of Mydoom will likely present problems for SCO and Microsoft -- both of which are targeted by the worm and its Mydoom.b variant, discovered Wednesday, for denial-of-service (DoS) attacks starting Sunday, Feb. 1 -- but the worm may also give average users major heartburn.

That's because Mydoom creates a backdoor to infected systems by opening numerous ports, which can then be used by attackers to secretly install malicious code, including key loggers or Trojan horses. That malicious code could also allow access the machine's hard drive, or make it perform other nefarious chores, such as spamming or conducting additional DoS attacks, said Symantec's Chien.

"Hackers are actively looking for open machines to compromise," said Chien, who noted that Symantec's Threat Management System -- a collection of network sensors deployed around the globe -- has seen substantial scanning activity targeting port 3127, one of the ports that Mydoom's back door opens.

"They are targeting the back door on this port, which can allow them to upload new malicious code as well as use the infected system to launch further attacks and forward spam," the Threat Management System reported in an alert. Symantec has seen more than 2,000 unique sources scanning for this port. Mydoom's back door opens TCP ports 3127 through 3198.