After Feb. 12 the deadline for the SCO attack, what danger does the Mydoom worm pose on infected computers? Also,...
can you tell me how I can remove Mydoom from computers on my network?
The worm installs a back-door on the infected system on TCP ports 3127 through 2198. Someone can use this back-door to do whatever comes to mind later. This is a serious threat. In the past, other worms have exploited back-doors left by previous worms. (Nimda springs to mind -- it used a back door left by Code Red.)
Therefore, it's important that you clean the machines on your network, because if you don't, you're going to regret it later. Recent versions of the usual antivirus software should take care of it. Symantec offers a specific tool to clean Mydoom. If you don't clean your network now, you may have a less pleasant surprise in a month or two, when some miscreant writes a follow-up worm. Fortunately, you can use that back door to your advantage, as well. Get a network scanning tool like Nmap. (If you don't have Nmap already, go to http://www.insecure.org/.) Then, scan ports 3127-3198 on your network. If you find them open, take a closer look. Unfortunately, just because you find that port open doesn't mean it's infected. Port 3128, for example, is used by some HTTP proxies. If you look at the file "/etc/services" on some friendly Unix box, it lists what the port assignments often are. That can help if you get puzzled.
For more info on this topic, visit these SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.