To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39122679,00.htm

Virus alert: Microsoft targeted by MyDoom wannabe
Zindos sucker punch...

By

Published: Wednesday 28 July 2004

A new worm, called Zindos, is launching an attack on Microsoft.com by using an army of machines infected by the MyDoom.O virus and the Zincite Trojan installed earlier this week. Security experts believe the malware is linked.

On Monday, MyDoom.O attacked search engines and brought down the Alta Vista, Google, Lycos and Yahoo! sites. Now that success has apparently inspired a similar 'denial of service' attack aimed at Microsoft, using the platform created by the MyDoom.O attack.

The software giant is no stranger to malicious levels of traffic and as with the SoBig and MyDoom viruses the company claims to have in place measures to keep its website available.

Katrin Tocheva, team manager of antivirus systems at F-Secure, said that she is almost certain that MyDoom and Zindos were written by the same programmer because they worked together so well.

"MyDoom prepared the way by infecting a large number of systems and creating a list of compromised systems. Zindos then uses this list and the back doors prepared by MyDoom to quickly spread and hit its target," said Tocheva.

Graham Cluley, senior technology consultant for Sophos, agrees that the two worms seem too similar to have been written independently.

"There are similarities in their code and the fact that Zindos seems to know MyDoom so intimately - in terms of the back door it opens. It's like Zindos knows the secret handshake to get into a private club," Cluley said.

Munir Kotadia writes for ZDNet UK.