The MyDoom virus just got a little juicier. Doomjuice, the new MyDoom variant also known as MyDoom c, does not spread by e-mail. Instead it enters a computer by the backdoor that is left open by the MyDoom virus. That means that only computers infected with MyDoom will get this virus. It also means that a computer infected with MyDoom will acquire the Doomjuice virus simply by connecting to the Internet where Doomjuice is constantly scanning for vulnerable computers. Doomjuice launches an aggressive denial-of-service attack (DoS) on the Microsoft Web site just as MyDoom did against the SCO Web site. Doomjuice, however, has no kill date like the one that was found in MyDoom. The MyDoom attacks against SCO had a stop date of February 12^th. Doomjuice will continue its Microsoft attacks until the virus is eliminated from all computers. With estimates that MyDoom has already infected over one million computers, it could take a long time before it is cleaned off all computers.

There is no indication that the Doomjuice virus has infected a computer. If, in fact, a computer already has the MyDoom virus, Doomjuice just enters silently. It then sends out requests for information from the Microsoft Web site creating what is known as a denial-of-service attack. Unless a firewall alerts the computer user when information is leaving their computer, Doomjuice can operate completely in the background without the computer user’s knowledge.

Doomjuice can affect MyDoom infected computers running Windows 95, Windows Me, Windows 2000, Windows NT, Windows XP, and Windows Server 2003.

All the major anti-virus companies have included Doomjuice in their current anti-virus definitions. As always, better to be safe than sorry. Be sure you install a good anti-virus program and that it is updated regularly.