Antivirus companies issued warnings and software updates on Tuesday for a new Internet worm, dubbed Zindos, that infects machines already compromised by the MyDoom.O worm, which appeared on Monday, and launches an attack on the Microsoft Corp. Web site.
Zindos.A takes advantage of an open back door in Windows machines that contracted the MyDoom.O worm. While the worm has not knocked Microsoft’s Web site offline and is not considered a serious threat by most antivirus vendors, the ease with which it spread raises troubling questions about the ability of virus authors to control and plant malicious programs on machines infected by their creations, said Graham Cluley, senior technology consultant at antivirus company Sophos PLC.
The Zindos worm spreads through TCP (Transmission Control Protocol) port 1034, which was opened by a Trojan horse program called Zincite that MyDoom.O deposited on Windows machines it infected, according to antivirus company Symantec Corp.
MyDoom.O, referred to by some antivirus companies as MyDoom.M, appeared on Monday and is the 15th variant of the original MyDoom worm, which ravaged the Internet in January.
News source: InfoWorld