Premature celebration of MyDoom end date as new variants kick in
    
   
  
  
  
London, UK - 12 February 2004, 11:30 GMT - Many analysts are misleading decision makers by suggesting that the MyDoom epidemic is scheduled to end today. MyDoom.a is programmed to stop spreading today, marking the end of the first phase of the fastest spreading and most economically damaging malware to date. However, the back door component of the malware has no time limit, so TCP port 3127 remains open until the infected machines are cleaned. Last night the number of scans targeting or originating from port 3127 reached half a million, as measured from multiple locations worldwide. This suggests that MyDoom.a is still running on hundreds of thousands of infected computers, allowing other MyDoom variants and hackers to prowl actively for infected machines. Variants of MyDoom and associated malware, like Deadhat, continue to surface, and more are likely to be in the pipeline based on the trend established in the last two weeks.
  
  
  
  [CONTINUES]