MxMx
Feb 26 2004, 09:20 AM
The W32.Mydoom.F@mm worm:
Is a mass-mailing worm that opens a backdoor on TCP port 1080
Can download and execute arbitrary files
Will perform a Denial of Service (DoS) against www.microsoft.com and www.riaa.com, if the computer's local system date is between 17th and 22nd of any month.
Sets up a backdoor in an infected system, by opening TCP port 1080. This could allow an attacker to connect to a computer and use it as a proxy to gain access to its network resources.
is this port 1080 .. the same kind of port which mydoom.A opened?
I mean .. should the exploit of MyDoom.A work also on MyDoom.F?
thanks
Samkbc
Feb 26 2004, 09:36 AM
Im not sure if it will, as its on 1080. I have tried several but none work with the mydoom.a exploit, so correct me if im wrong, but I think it doesnt work with the same exploit.
MxMx
Feb 26 2004, 10:30 AM
ur right .. ive tested it ..
mhh I think I need the source code of the .F version to compile a exploit ..
zero-maitimax
Feb 26 2004, 11:04 AM
i have lookt at the source but the veluw name's has been change.. could be that's this is the problem?
MxMx
Feb 26 2004, 11:30 AM
I just need the trojan ..
its probably another code as Mydoom.A
D3ADLiN3
Feb 26 2004, 12:33 PM
isnt 1080 the socks proxy port?
riotz
Feb 26 2004, 12:55 PM
anyone with the binary ?
flashb4ck
Feb 26 2004, 12:56 PM
mydoom had his port on 3127 not 1080 i think ;D
cecrex
Feb 26 2004, 01:54 PM
MyDoom port is 3127..
Ash
Feb 26 2004, 04:02 PM
Black Flag
Feb 26 2004, 11:19 PM
yeah port 1080 is default socks proxy port, so scanning for port1080 wouldn't give you many positive results. however you could probably filter them out by use of banner scanning.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
