NEWS FROM THE LAB - Tuesday, February 10, 2004

How widespread is Doomjuice? Posted by Mikko @ 07:24 GMT

We'd estimate the number of infected machines to be in the tens of thousands around now.

This is based on the number of different IP addresses we see scanning the net for open port 3127. This can be monitored from public services such as incidents.org. They saw 30878 source addresses on Monday for such scans...and obviously they only see part of the net.

PS. Like Mydoom.A and B, the Doomjuice worm is programmed in C. We even have a picture of a snippet of the Mydoom.A source code in the virus description.
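
The counting method described above, as an added example that is not part of the original post: it tallies distinct source addresses per day that probe TCP port 3127 on more than one destination. The log format, the sample lines, the function name `scanners_per_day` and the `min_targets` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified iptables-style LOG format.
# Not real traffic; all addresses come from documentation ranges.
SAMPLE_LOG = """\
Feb  9 07:01:12 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1043 DPT=3127 SYN
Feb  9 07:01:12 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=1044 DPT=3127 SYN
Feb  9 07:03:40 fw kernel: IN=eth0 SRC=203.0.113.25 DST=192.0.2.10 PROTO=TCP SPT=2210 DPT=3127 SYN
Feb  9 07:03:41 fw kernel: IN=eth0 SRC=203.0.113.25 DST=192.0.2.12 PROTO=TCP SPT=2211 DPT=3127 SYN
Feb  9 08:15:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.13 PROTO=TCP SPT=1190 DPT=3127 SYN
Feb  9 09:00:00 fw kernel: IN=eth0 SRC=203.0.113.80 DST=192.0.2.10 PROTO=TCP SPT=4000 DPT=3127 SYN
Feb  9 09:10:00 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=4100 DPT=80 SYN
Feb  9 09:11:00 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.99 PROTO=TCP SPT=3127 DPT=3127 ACK SYN
Feb 10 00:02:10 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1301 DPT=3127 SYN
Feb 10 00:02:11 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.14 PROTO=TCP SPT=1302 DPT=3127 SYN
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)(?P<flags>.*)$"
)

def scanners_per_day(log_text, port=3127, min_targets=2):
    """Return {day: set of sources} that sent initial TCP SYNs to `port`
    on at least `min_targets` distinct destinations during that day."""
    targets = defaultdict(set)              # (day, src) -> destinations probed
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) != port:
            continue
        flags = set(m["flags"].split())
        if "SYN" not in flags or "ACK" in flags:
            continue                        # ignore replies (SYN-ACK)
        day = " ".join(m["day"].split())    # "Feb  9" -> "Feb 9"
        targets[(day, m["src"])].add(m["dst"])
    per_day = defaultdict(set)
    for (day, src), dsts in targets.items():
        if len(dsts) >= min_targets:        # one stray connection is not a scan
            per_day[day].add(src)
    return dict(per_day)

if __name__ == "__main__":
    for day, sources in scanners_per_day(SAMPLE_LOG).items():
        print(day, len(sources), sorted(sources))
```

A source that appears on several days is counted once per day, so daily figures should not be summed to get a total host count.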