Updated MyDoom responsible for DDOS attacks, says AhnLab

By Martyn Williams and Jeremy Kirk

July 8, 2009 05:45 AM ET

Comments

(0)

Top Stories

IDG News Service - An updated version of the MyDoom virus is responsible for a large DDOS (distributed denial of service) attack that took down major U.S. Web sites over the weekend and South Korean Web sites on Wednesday, according to Korean computer security company AhnLab.

When it was discovered in January 2004, MyDoom quickly became the fastest-spreading e-mail worm in Internet history. Once a PC was infected with MyDoom, it would harvest e-mail addresses and e-mails itself out repeatedly. Early variants MyDoom were coded to conduct DDOS attacks against other Web sites within certain time periods.

The latest MyDoom variants seen by AhnLab also include a downloader that can bring other malicious code into the compromised PC, a feature also present in earlier versions of the malware. An additional file contains details of Web site to be attacked.

It lists 13 South Korean Web sites and 23 U.S. sites, according to a Korean blogger who analyzed the source code. Most of the sites on the list are those reported to have been attacked or are still under attack.

While U.S. sites experienced problems over the weekend, in South Korea the trouble began on Tuesday night. Throughout most of Wednesday many of the Web sites, which include several high-profile properties, were unavailable.

As of 6 p.m. local time (9 a.m. GMT) government sites inaccessible are the presidential Web site, the National Assembly and those of the Foreign Affairs and National Defense ministries. Also offline are the Grand National Party, U.S. Forces Korea and the electronic banking sites of Korea Exchange Bank, Shinhan Bank and NongHyup Bank.

Shortly before 6 p.m. two major commercial sites that had been unavailable for most of the day, the Chosun Ilbo national daily and Internet Auction, reappeared. Only two of the 13 Korean sites listed had been available for most of the day: the e-mail and blog sites of major portal Naver.

AhnLab said the code has been written so its possible for the attackers to change the list of sites targeted.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

An updated version of the MyDoom virus is responsible for a large DDOS (distributed denial of service) attack that took down major U.S. Web sites over the weekend and South Korean Web sites on Wednesday

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.