
After the DoS attack deadline, the dangers of Mydoom still lurk

After Feb. 12, the deadline for the SCO attack, what danger does the Mydoom worm pose on infected computers? Also, can you tell me how I can remove Mydoom from computers on my network?

The worm installs a back door on the infected system on TCP ports 3127 through 3198. Someone can use this back door later to do whatever comes to mind. This is a serious threat. In the past, other worms have exploited back doors left by previous worms. (Nimda springs to mind -- it used a back door left by Code Red.)

Therefore, it's important that you clean the machines on your network, because if you don't, you're going to regret it later. Recent versions of the usual antivirus software should take care of it. Symantec offers a specific tool to clean Mydoom. If you don't clean your network now, you may have a less pleasant surprise in a month or two, when some miscreant writes a follow-up worm.

Fortunately, you can use that back door to your advantage, as well. Get a network scanning tool like Nmap. (If you don't have Nmap already, go to http://www.insecure.org/.) Then, scan ports 3127-3198 on your network. If you find them open, take a closer look. Unfortunately, just because you find one of those ports open doesn't mean the machine is infected. Port 3128, for example, is used by some HTTP proxies. If you look at the file "/etc/services" on some friendly Unix box, it lists what the port assignments often are. That can help if you get puzzled.

For more info on this topic, visit these SearchSecurity.com resources:
  • Security Alert: Mydoom-A
  • Featured Topic: Best practices for patch management
  • Best Web Links: Common vulnerabilities and prevention tips

This was last published in February 2004
