SCO.A or Mydoom Worm Causing More Problems, Hacker Abuses

The Mydoom or SCO.A worm is leading to some new issues. The worm installs a backdoor that gives remote users access to the infected system, logs keystrokes, and sends off certain passwords.

This has led to fairly widespread hacking activity, with unrelated attackers using infected systems to gain further access and harvest passwords.

The gist is: if you have an infected system, treat it as a complete compromise. Execute your incident response plans. In addition, you should:

    1: Change all passwords used on or near that machine
    2: Force all user passwords in your domain to expire and be changed (they could have been harvested)
    3: Change all administrative passwords
    4: Remove the infected system from the network, even if cleaned by antivirus. It should be rebuilt, but at least be completely inspected by a security professional before being returned to service.
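Step 2 is the one most people put off because it is tedious by hand. The following PowerShell script is an added example (not part of the original post) that forces every enabled domain user to change password at next logon; it assumes the ActiveDirectory module (RSAT) is installed and the caller has rights to modify user objects. Accounts flagged PasswordNeverExpires cannot take the "must change at next logon" flag, so the script lists them for manual rotation instead of silently skipping them.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module and an account permitted to modify user objects in the domain.
# Forces all enabled users to change password at next logon and reports
# PasswordNeverExpires accounts (usually service accounts) for manual rotation.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Optional OU to limit scope, e.g. "OU=Staff,DC=example,DC=com" (assumed name)
    [string]$SearchBase,
    # sAMAccountNames to skip, e.g. a break-glass admin you rotate separately
    [string[]]$Exclude = @()
)

Import-Module ActiveDirectory

$query = @{
    Filter     = 'Enabled -eq $true'
    Properties = 'PasswordNeverExpires'
}
if ($SearchBase) { $query.SearchBase = $SearchBase }

$users = @(Get-ADUser @query | Where-Object { $Exclude -notcontains $_.SamAccountName })

$manual  = @()
$flagged = 0
foreach ($u in $users) {
    if ($u.PasswordNeverExpires) {
        # Set-ADUser refuses -ChangePasswordAtLogon on these; rotate by hand
        # and review why the password never expires in the first place.
        $manual += $u.SamAccountName
        continue
    }
    # -WhatIf on the script shows what would change without touching AD.
    if ($PSCmdlet.ShouldProcess($u.SamAccountName, 'Force password change at next logon')) {
        Set-ADUser -Identity $u -ChangePasswordAtLogon $true
        $flagged++
    }
}

Write-Host ("Flagged {0} of {1} enabled accounts for password change at next logon." -f $flagged, $users.Count)
if ($manual.Count -gt 0) {
    Write-Warning ("Rotate these PasswordNeverExpires accounts manually: {0}" -f ($manual -join ', '))
}
```

Run it once with -WhatIf to review the scope, then without; the forced change does not invalidate existing sessions or cached credentials, so step 4 (pulling the infected host off the network) still has to happen.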

An infection by this worm is not just your regular infection. It is a complete compromise that may have had the attention of a live human attacker after the infection.
