Hackers Target Systems Infected By 'Mydoom': Page 4 of 5

To access the opening in a Mydoom-infected machine, said Chien, a hacker must not only sniff out the system by scanning, but also carefully compose the attack using Mydoom's protocol. "Parts of that protocol have been published on open mailing lists," he said, "but 'kiddie-scripts' aren't yet widely available." 'Kiddie-script' refers to tools which allow even the clumsiest hacker to exploit a compromised computer.

That may change, and quickly, if Mydoom follows the pattern of other big-time exploits such as last year's Slammer, and even earlier vulnerabilities created by worms such as Nimda and Code Red, all of which were rapidly supported by tools that eliminated the need for an attacker to have a high level of technical expertise.

"Today, what hackers really want is access," said Chien. "They want to own machines for e-mailing spam, for storing pirated software, or just to have zombies available to them."

And with the open back doors provided by Mydoom, that's exactly what they're getting.

To protect networks and computers, security firms have recommended blocking TCP ports 3127 through 3198 at the firewall.
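The sketch below is an added example, not part of the original article: it reviews firewall drop logs for attempts on the blocked range and groups them by source, which separates a one-off probe from the scanning described above. It assumes Linux netfilter `LOG`-style lines; the sample lines, the addresses (documentation ranges) and the `min_targets` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# TCP range the article says security firms recommended blocking (3127-3198).
MYDOOM_PORTS = range(3127, 3199)
# key=value fields of a netfilter LOG line (assumed log format).
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return (src, dst, dport) for a TCP log line, or None if unusable."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    try:
        return fields["SRC"], fields["DST"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None

def backdoor_port_hits(lines):
    """Group attempts on TCP 3127-3198 by source address."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set(), "count": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] not in MYDOOM_PORTS:
            continue
        src, dst, dport = parsed
        hits[src]["targets"].add(dst)
        hits[src]["ports"].add(dport)
        hits[src]["count"] += 1
    return dict(hits)

def likely_scanners(hits, min_targets=3):
    """Sources that tried the range on several hosts (hypothetical threshold)."""
    return sorted(s for s, h in hits.items() if len(h["targets"]) >= min_targets)

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "FW-DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=3127",
    "FW-DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=3127",
    "FW-DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.12 PROTO=TCP SPT=40114 DPT=3128",
    "FW-DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=3198",
    "FW-DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=3199",
    "FW-DROP IN=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=UDP SPT=53000 DPT=3127",
    "kernel: unrelated message",
]

if __name__ == "__main__":
    print(likely_scanners(backdoor_port_hits(SAMPLE_LOG)))
```

An internal host appearing as a destination for many such attempts is worth checking for infection, since the block only stops traffic that crosses the firewall.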