Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Doomjuice/MyDoom.C, Sharp Increase in port 445 and 139 scans - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Doomjuice/MyDoom.C, Sharp Increase in port 445 and 139 scans

A new worm, named Doomjuice and MyDoom.C by various AV vendors, was identified. It spreads by exploiting the backdoor left by MyDoom.A and MyDoom.B. After infecting a system, it leaves a copy of the Mydoom.A source in a file named 'sync-src-1.00.tbz'. Doomjuice is also set to perform a DDOS against

More information and removal instructions are available at:

Port 445 and 139

A sharp increase in the number of connections to ports 445 and 139 has been reported. The source of these has yet to be determined.

MyDoom Hype Fueled By Antivirus Software Vendors

Computerworld has a good article regarding the media hype that has been generated around the MyDoom worms. MyDoom is credited as the fastest spreading worms in history, but has not caused nearly the disruptions of Slammer and Blaster. Article is here:,10801,89649,00.html

Handler on Duty: Dave Brookshire


17 Posts
Feb 10th 2004

Sign Up for Free or Log In to start participating in the conversation!