GEN:SID | 1:2375 |
Message | BACKDOOR DoomJuice file upload attempt |
Summary | This event is generated when activity from the worm DoomJuice is detected.
|
Impact | This is indicative of worm activity which may launch of a Denial of Service condition against Microsoft from infected machines.
|
Detailed Information | This event is indicative of activity by the DoomJuice worm. This worm attempts to connect to random addresses on port 3127, if it receives a response it will attempt to upload a copy of itself to the target machine. If no response is received on that port, it will try on ports between 3127 and 3199.
If the date is between February 8th and February 28th 2004, the worm will attempt to launch a Denial of Service (DoS) attack against www.microsoft.com.
|
Affected Systems | Windows 95 Windows 98 Windows Me Windows NT Windows 2000 Windows XP Windows Server 2003
|
Attack Scenarios | This is worm activity.
|
Ease of Attack | Simple.
|
Corrective Action | Use Anti-Virus software to remove the worm.
|
Additional References | |
Rule References | url: securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
|