Full Version: Mydoom Is Dead
Nexcess
hxxp://news.ists.dartmouth.edu/todaysnews.html#internal13135


QUOTE


Source:  news.com.com 
Date Written:  February 9, 2004 
Date Collected:  February 10, 2004 

Two new worms, Doomjuice and Deadhat, are spreading over the network of computers infected by the MyDoom.A worm, using the backdoor that worm opened rather than e-mail. The viruses threaten only those computers currently infected, but not computers which have been cleaned of the worm; Vincent Gullotto, vice president for antivirus at Network Associates, estimates that only 50,000 to 75,000 infected computers are left. Doomjuice, also known as MyDoom.C, has had moderate success in spreading, and hijacks computers for a denial of service attack against Microsoft's website. Microsoft experienced brief outages Monday, February 9, 2004, but it is uncertain whether it was related to the virus. Sophos reports that Doomjuice also plants source code for the MyDoom.A virus on infected machines, perhaps in an attempt by the author to cover his tracks. Deadhat spreads through the MyDoom back door and over the SoulSeek file-trading network; once inside it removes the MyDoom virus and awaits further instructions. Security experts consider both viruses low risk.



QuadMedic
yip very dead......... biggrin.gif
X-FloppY
now i understand why no results
thanks for INFO
stoned-gecko
shit happens

but now can i delete the exploit wink.gif
Copkill
hmm shit mad.gif
Ash
i knew it would take out most comps before any of us could get a decent amount mad.gif same with blaster worm that just took all comps and just got the exploit known about mad.gif.
TheOther
Yep almost every shell I've got there is that stupid Death... worm. First I thought that it was someone else scanning at new mydoom servers, but no it only fucks up everything.

I wonder what the purpose is of making such a worm? Is it because they want to be famous or maybe they don't want us to have some fun? You well, screw them anyway.
barty32
hmm shit...

it was so funny to get shell through mydoom *g*
FakoLy
That's a shame i really don't see no purpose in making another virus who cleans the machine... the coder of mydoom.A wanted to get some shells no ? so why did he create DeadHat... maybe microsoft did ^^
++
WaZa
QUOTE (TheOther @ Feb 11 2004, 08:14 PM)
Yep almost every shell I've got there is that stupid Death... worm. First I thought that it was someone else scanning at new mydoom servers, but no it only fucks up everything.

I wonder what the purpose is of making such a worm? Is it because they want to be famous or maybe they don't want us to have some fun? You well, screw them anyway.

lol, its pretty obvious. they code em so they can get as much as pcs they can get as fast as they can. i really dont see anythin wrong with it, if u can code it, u shud use it. who cares about those stupid people who just download 1,2,3 tutorials.
THoRaX
too bad it is down..
i get some results though, but no admin rights. so i can't do anything with em dry.gif
MxMx
damn .. well .. I gotta be quick ohmy.gif if i want to hack some more mydoom.A's ..
I think when i wake up tomorrow all the doom.A's will be history .. sad.gif
then we will have to wait for a mydoom.C exploit maybe .. i dont know ..

GreetZ
Milka
Tnx for the info m8 biggrin.gif gj that new virri... I don't think some1 from M$ made this tongue.gif they would take 6 months in order to create something proper tongue.gif

Lusty
Damn.. just got the exploit.. and no victims left for me ;(
MysteryMan
lets find some new hole to hack biggrin.gif ...
crash3rzz
or maybe lets code one like this but more smarter wink.gif
night^man
darn ..
it was a good one
ThE_snAke
when you protect pc after hacking you just remove the mydoom from it
that means: (hackers killed mydoom)
Diablotic
Grrr it was the same with RPC sad.gif
SZIT!
Lusty
Damn.. u are right... never thought of that.. It's our own fault sad.gif
adenek
sad.gif rest in peace Mydoom
Hellraiseruk
wouldn't say it was 100% dead..i still get in the odd dameware comps so if u lucky u still mite get in a few but guess dying off unsure.gif
AsuKa
QUOTE
wouldn't say it was 100% dead..i still get in the odd dameware comps so if u lucky u still mite get in a few but guess dying off


I agree, I have gotten quite a few shells with MYdoom, all admin rights too to the person who posted above me who didnt. Also, I still get a fair amount of Dameware's still, but I expected Mydoom to die a lot faster with all the media hype around it.
OrcoSS
What Are You All Talking About?
I've Got Lots Of Results... unsure.gif
Ash
has any one wrote a batch file to remove all reg keys mydoom.a makes? ive been looking on net for some removers but the comp has to click start etc.. i know this is a bit offtopic but i didnt see point in making a new thread. smile.gif
hom3br3w
hxxp://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html

There are command line switches available - one can be used to run the tool silently.
Lusty
Damn mydoom is dead.. had 40 results.. couldn't get a shell at all.. I know that i'm doing it right.. cus got some shells yesterday.. just bad luck
Ash
QUOTE (hom3br3w @ Feb 12 2004, 05:49 PM)
hxxp://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html

There are command line switches available - one can be used to run the tool silently.

Cheers mate smile.gif
SLiM577
*shrug* once the exploit dropped i copped my self a good 350 edu boxes and some .cz's them 50,000 to 75,000 boxes left are most def. cables. LEAVE THE CABLES AND DSL's , there no good anyway =/
Nexcess
QUOTE (SLiM577 @ Feb 12 2004, 08:41 PM)
*shrug* once the exploit dropped i copped my self a good 350 edu boxes and some .cz's them 50,000 to 75,000 boxes left are most def. cables. LEAVE THE CABLES AND DSL's , there no good anyway =/

Heh.. I had like 100 edu boxs funny thing is before i secured em lamers stole most of em sad.gif
Dj FeelX
I have also read about "MyDoom is dead", but in my own opinion it's bullshit.
I hacked today 15 MyDoom's and i don't see difference in today scans, and in scans before 12th this month.

GreetZ Dj_FeelX
cye
Why is everyone cryin' instead of disassembling???

Can anyone send me doomjuice.b (or any mydoom except for mydoom.a)? I'm not good in asm, but it's just 5000 byte. So i wanna take a look of it.
Send it zipped with password (with the pass in the mail), 'cause the virus own would be filtered by my mail server.

Thx:
cye
(cziber@ludens.elte.hu)
stoned-gecko
is mydoom now really dead ?

everyone says lots of hacked server ...

i can execute nc but the server connected not to me

can everybody say now ? *sry for english*
DvilleStoner
QUOTE (SLiM577 @ Feb 12 2004, 08:41 PM)
*shrug* once the exploit dropped i copped my self a good 350 edu boxes and some .cz's them 50,000 to 75,000 boxes left are most def. cables. LEAVE THE CABLES AND DSL's , there no good anyway =/

I love cables and dsl boxes. The more i have the more i can scan for other sploits.