Q

After the DoS attack deadline, the dangers of Mydoom still lurk

After Feb. 12 the deadline for the SCO attack, what danger does the Mydoom worm pose on infected computers? Also, can you tell me how I can remove Mydoom from computers on my network?

The worm installs a back door on the infected system on TCP ports 3127 through 3198. Someone can use this back door to do whatever comes to mind later. This is a serious threat. In the past, other worms have exploited back doors left by previous worms. (Nimda springs to mind -- it used a back door left by Code Red.)

Therefore, it's important that you clean the machines on your network, because if you don't, you're going to regret it later. Recent versions of the usual antivirus software should take care of it. Symantec offers a specific tool to clean Mydoom. If you don't clean your network now, you may have a less pleasant surprise in a month or two, when some miscreant writes a follow-up worm.

Fortunately, you can use that back door to your advantage, as well. Get a network scanning tool like Nmap. (If you don't have Nmap already, go to http://www.insecure.org/.) Then, scan ports 3127-3198 on your network. If you find them open, take a closer look. Unfortunately, just because you find that port open doesn't mean it's infected. Port 3128, for example, is used by some HTTP proxies. If you look at the file "/etc/services" on some friendly Unix box, it lists what the port assignments often are. That can help if you get puzzled.
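The scan-and-cross-check step the answer describes, as an added example that is not part of the original answer: run Nmap over TCP 3127-3198, then triage the results against an /etc/services-style table so that hosts whose only open port in the range is a well-known service (3128 for HTTP proxies, as the answer notes) are marked for review instead of being reported as infected. The script parses Nmap's grepable output format (`-oG`); the Nmap output and the /etc/services excerpt embedded below are constructed samples, and the address block 192.0.2.0/28 is a documentation range.

```python
"""Triage Nmap results for the Mydoom back-door port range (TCP 3127-3198).

Added example, not code from the original SearchSecurity answer.  Input is
Nmap grepable output (-oG) and an /etc/services-style table; the sample
data below is constructed for illustration.
"""
import re

MYDOOM_PORTS = range(3127, 3199)  # 3127 through 3198 inclusive

# Constructed sample of `nmap -p3127-3198 -oG - 192.0.2.0/28` output.
SAMPLE_NMAP_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tPorts: 3127/open/tcp//unknown///, "
    "3128/closed/tcp//squid-http///\tIgnored State: closed (70)\n"
    "Host: 192.0.2.11 ()\tPorts: 3128/open/tcp//squid-http///"
    "\tIgnored State: closed (71)\n"
    "Host: 192.0.2.12 ()\tPorts: 3127/open/tcp//unknown///, "
    "3198/open/tcp//unknown///\tIgnored State: closed (70)\n"
    "Host: 192.0.2.13 ()\tStatus: Down\n"
    "# Nmap done (constructed sample)\n"
)

# Constructed excerpt in /etc/services format: name, port/proto, aliases, comment.
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]   [# comment]
squid-http      3128/tcp                       # Squid HTTP proxy
ccmail          3264/tcp                       # cc:mail/lotus
"""

# One entry of the "Ports:" field: port/state/protocol/owner/service/rpc/version/
PORT_ENTRY_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_services(text):
    """Return {(port, proto): service_name} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto)] = fields[0]
    return table


def parse_grepable(text):
    """Return {host: [(port, state, proto), ...]} from Nmap -oG output.

    Hosts that are down (no "Ports:" field) map to an empty list.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        ports = []
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if m:
            for entry in m.group(1).split(","):
                pm = PORT_ENTRY_RE.match(entry.strip())
                if pm:
                    ports.append((int(pm.group(1)), pm.group(2), pm.group(3)))
        hosts[host] = ports
    return hosts


def triage(nmap_text, services_text):
    """Classify each scanned host.

    'suspect': an open port in 3127-3198 with no known service assignment.
    'review' : every open port in the range maps to a known service
               (e.g. 3128/squid-http), so it may be a legitimate proxy.
    'clean'  : nothing open in the range.
    Returns {host: (verdict, sorted list of the ports that drove it)}.
    """
    services = parse_services(services_text)
    result = {}
    for host, ports in parse_grepable(nmap_text).items():
        open_in_range = [(p, proto) for p, state, proto in ports
                         if state == "open" and p in MYDOOM_PORTS]
        if not open_in_range:
            result[host] = ("clean", [])
            continue
        unexplained = sorted(p for p, proto in open_in_range
                             if (p, proto) not in services)
        if unexplained:
            result[host] = ("suspect", unexplained)
        else:
            result[host] = ("review", sorted(p for p, _ in open_in_range))
    return result


def main():
    report = triage(SAMPLE_NMAP_GREPABLE, SAMPLE_SERVICES)
    for host, (verdict, ports) in sorted(report.items()):
        print(f"{host:15} {verdict:8} {ports}")


if __name__ == "__main__":
    main()
```

To run it against a real scan, save Nmap's output with `nmap -p3127-3198 -oG scan.gnmap <your network>` and feed the file contents to `triage()` together with the text of `/etc/services` from a Unix host. A "review" verdict is not a clean bill of health: a proxy listening on 3128 and a back door on 3127 can coexist, which is why every open port in the range is checked individually and a single unexplained port is enough to mark the host "suspect".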


For more info on this topic, visit these SearchSecurity.com resources:
  • Security Alert: Mydoom-A
  • Featured Topic: Best practices for patch management
  • Best Web Links: Common vulnerabilities and prevention tips

This was first published in February 2004.