NEWS FROM THE LAB - Wednesday, February 11, 2004

New variant of Doomjuice found Posted by Mikko @ 10:57 GMT

A new variant of Doomjuice worm was found two hours ago. This one also attacks against www.microsoft.com - like Doomjuice.A.

The worm attacks www.microsoft.com via http protocol like Doomjuice.A, but now it sets random HTTP headers to make it more difficult to filter out the attack traffic:

User-Agent: Mozilla/4.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0)
Accept-Encoding: gzip, deflate
Accept-Language: en
Accept-Language: en-us