Most of this page uses content from Wikipedia. The original article was at Doomjuice. The page may have contained some inaccurate or outdated information, so please edit it so it contains better information.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Commons Attribution-ShareAlike 3.0 License.


Doomjuice is a variant of the Mydoom computer worm that exists in two versions, Doomjuice.A and Doomjuice.B. It infects Microsoft Windows systems through the ports left open by the Mydoom.A and Mydoom.B worms. The worm also launches a denial-of-service (DDoS) attack on the Microsoft website.

Payloads

When Doomjuice runs, it copies itself to the %System% or %temp% directory. The worm also adds a value to one of the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The data in this registry value references the created copy of the worm. This value causes the worm to run when Windows starts.

Doomjuice may create the file sync-src-1.00.tbz in the following locations:

  • root of all fixed drives c-z
  •  %Windows%
  •  %System%
  •  %Temp%
  •  %USERPROFILE%
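The artifacts listed above can be checked offline against a file listing and a `reg query` export, as in this added example (not part of the original article or its sources). The `env` keys, sample paths and value names are constructed; Run-key matches are only triage leads, since legitimate programs also start from %System%, and a path alone cannot show whether a drive is fixed.

```python
import ntpath
import re

ARCHIVE = "sync-src-1.00.tbz"  # file name given in the article
RUN_KEY = r"\software\microsoft\windows\currentversion\run"  # HKLM and HKCU

def norm(path):
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def archive_hits(paths, env):
    """Paths to ARCHIVE in a drive root (c-z) or one of the listed directories."""
    dirs = {norm(env[k]) for k in ("windows", "system", "temp", "userprofile")}
    split = ((p, *ntpath.split(norm(p))) for p in paths)
    return [p for p, parent, name in split
            if name == ARCHIVE and (re.fullmatch(r"[c-z]:\\", parent) or parent in dirs)]

def run_value_leads(reg_text, env):
    """Run-key values whose command is a file directly in %System% or %Temp%."""
    dirs = [norm(env[k]) + "\\" for k in ("system", "temp")]
    key, leads = "", []
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()  # remember which key the values belong to
            continue
        m = re.match(r"\s+(.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(.+)", line)
        if not m or not key.endswith(RUN_KEY):
            continue
        cmd = ntpath.normcase(m.group(2).strip())
        cmd = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd
        # Directly in the directory: no further backslash before the arguments.
        if any(cmd.startswith(d) and "\\" not in cmd[len(d):].split(" ")[0] for d in dirs):
            leads.append((m.group(1), m.group(2).strip()))
    return leads

# Constructed sample input (not taken from a real host).
SAMPLE_ENV = {"windows": r"C:\WINDOWS", "system": r"C:\WINDOWS\system32",
              "temp": r"C:\DOCUME~1\user\LOCALS~1\Temp",
              "userprofile": r"C:\Documents and Settings\user"}
SAMPLE_PATHS = [r"C:\sync-src-1.00.tbz", r"D:\backup\sync-src-1.00.tbz",
                r"C:\WINDOWS\System32\SYNC-SRC-1.00.TBZ", r"C:\WINDOWS\notepad.exe"]
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleValue    REG_SZ    C:\WINDOWS\system32\example1.exe
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTemp    REG_SZ    "C:\DOCUME~1\user\LOCALS~1\Temp\example2.exe"
"""

if __name__ == "__main__":
    print(archive_hits(SAMPLE_PATHS, SAMPLE_ENV), run_value_leads(SAMPLE_REG, SAMPLE_ENV))
```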
