W32/Doomjuice.A

Download VIRUSfighter NOW
W32/Doomjuice.A Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 2/11/2004 • Type: Worm
• Virus characteristics first published: 2/11/2004 • Spreading mechanism: Other
• Virus characteristics latest update: 3/19/2004 • Overall risk: Low
• Alias: W32/MyDoom.C • Payload: Denial of service attack
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

This worm brings the source code of MyDoom.A with it. What is the reason for this?

At this point in time we can only speculate.

Some have asserted that the reason is to hide the trail of the real MyDoom.A author.

Our assessment is that this is probably not correct.
The real author, in contrast to where the source has just been planted, will have a build environment for the worm (with C compiler); he/shel likely has several beta versions lying around; he/she will likely have other documentation present that speaks about his inclination towards virus writing; AND he/she will certainly have the sources of MyDoom.B and Doomjuice present as well. In other words, sending the A source out as an attempt to hide would be useless. 

We believe it is more likely that the author is trying to stimulate creation of new variants based upon the MyDoom.A source code. This can have an effect the author needs - more computers with open backdoors that can be used for virus propagation.

Snorre Fagerland
Senior Virus Analyst
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter