myNetWatchman   KnowledgeBase


2004-02-12 - The recent rash of port scans targeting tcp/3127 and tcp/3128 (the backdoor ports for the MyDoom worm) can be attributed to the DoomJuice worm. Hosts doing hybrid scans for tcp/3127/3128 AND tcp/1080 match the pattern of the DeadHat.B worm. For details and removal instructions see:
Microsoft's MyDoom and DoomJuice Removal Tools
WORM_DEADHAT.B
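
The scan patterns described above can be checked against your own firewall drop logs. The following is an added example, not myNetWatchman code: the log line format, the sample entries and the function names are all constructed for illustration, and it assumes a probe to either backdoor port counts as a hit.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (hypothetical format, not real data).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2004-02-12 10:00:01 DROP TCP 192.0.2.10 -> 203.0.113.5:3127
2004-02-12 10:00:02 DROP TCP 192.0.2.10 -> 203.0.113.6:3128
2004-02-12 10:00:03 DROP TCP 198.51.100.7 -> 203.0.113.5:3127
2004-02-12 10:00:04 DROP TCP 198.51.100.7 -> 203.0.113.5:1080
2004-02-12 10:00:05 DROP TCP 198.51.100.7 -> 203.0.113.8:3128
2004-02-12 10:00:06 DROP TCP 192.0.2.99 -> 203.0.113.5:1080
2004-02-12 10:00:07 DROP UDP 192.0.2.50 -> 203.0.113.5:3127
"""

# Only TCP entries are relevant: the page describes tcp/3127, tcp/3128, tcp/1080.
LINE_RE = re.compile(r"\bTCP (\d+\.\d+\.\d+\.\d+) -> \d+\.\d+\.\d+\.\d+:(\d+)\s*$")
MYDOOM_PORTS = {3127, 3128}   # MyDoom backdoor ports named on the page
SOCKS_PORT = 1080             # third port in the hybrid scan pattern

def ports_by_source(log_text):
    """Map each source IP to the set of TCP destination ports it probed."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return seen

def classify(ports):
    """Label a source by which of the page's two scan patterns it matches."""
    hit_backdoor = bool(ports & MYDOOM_PORTS)
    if hit_backdoor and SOCKS_PORT in ports:
        return "DeadHat.B pattern"    # hybrid: 3127/3128 AND 1080
    if hit_backdoor:
        return "DoomJuice pattern"    # 3127/3128 only
    return "no match"                 # e.g. 1080 alone is not either pattern

def classify_sources(log_text):
    return {src: classify(p) for src, p in ports_by_source(log_text).items()}

if __name__ == "__main__":
    for src, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15s} {label}")
```

A match only means the source's probes fit the port pattern; confirming the infection still requires examining the host itself.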