Aliases
W32/Doomjuice.worm.a, W32.HLLW.Doomjuice, WORM_DOOMJUICE.A, Win32.Doomjuice.A, Worm.Win32.Doomjuice
Type
Win32 worm
Description
W32/Doomjuice-A is a worm which spreads by exploiting a backdoor installed by W32/MyDoom-A.
The worm creates a copy of itself named intrenat.exe in the Windows system folder and creates the following registry entry to ensure that the copy is run when Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin
= <Windows system folder>\intrenat.exe
The worm also creates a file named sync-src-1.00.tbz in the root, Windows, Windows system and user profile folders. Sync-src-1.00.tbz is a compressed archive containing source code of W32/MyDoom-A.
W32/Doomjuice-A will contact computers infected with W32/MyDoom-A by attempting to connect to port 3127 of randomly chosen IP addresses. If the worm contacts a computer infected with W32/MyDoom-A a copy of W32/Doomjuice-A will be transfered to the computer and executed.
On 9th February and any date thereafter the worm will wait for between 2 and 6 minutes and then attempt a distributed denial of service (DDoS) attack against www.microsoft.com.
http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html
Virus type: Worm
Destructive: No
Description:
TrendLabs has received several infection reports of this network worm.
This worm scans for open ports on randomly generated IP addresses. It propagates across systems that are already infected by its previous versions, WORM_MYDOOM.A and WORM_MYDOOM.B.
On system dates between February 8 and 12, this malware creates a denial of service (DoS) attack thread. It sleeps for a period of time before performing a DoS attack against the following Web site:
microsoft.com
On system dates above February 13, it continually creates DoS threads with no delay.
TrendLabs is currently analyzing this malware and will be providing more information.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic