GEN:SID 1:2375
Message BACKDOOR DoomJuice file upload attempt
Summary This event is generated when activity from the worm DoomJuice is
detected.
Impact This is indicative of worm activity which may launch of a Denial of
Service condition against Microsoft from infected machines.
Detailed Information This event is indicative of activity by the DoomJuice worm. This worm
attempts to connect to random addresses on port 3127, if it receives a
response it will attempt to upload a copy of itself to the target
machine. If no response is received on that port, it will try on ports
between 3127 and 3199.

If the date is between February 8th and February 28th 2004, the worm
will attempt to launch a Denial of Service (DoS) attack against
www.microsoft.com.
Affected Systems Windows 95
    Windows 98
    Windows Me
    Windows NT
    Windows 2000
    Windows XP
    Windows Server 2003
Attack Scenarios This is worm activity.
Ease of Attack Simple.
Corrective Action Use Anti-Virus software to remove the worm.
Additional References  
Rule References url: securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html