Updated MyDoom responsible for DDOS attacks, says AhnLab

By Martyn Williams and Jeremy Kirk

July 8, 2009 05:45 AM ET

Comments

(0)

Top Stories

IDG News Service - An updated version of the MyDoom virus is responsible for a large DDOS (distributed denial of service) attack that took down major U.S. Web sites over the weekend and South Korean Web sites on Wednesday, according to Korean computer security company AhnLab.

When it was discovered in January 2004, MyDoom quickly became the fastest-spreading e-mail worm in Internet history. Once a PC was infected with MyDoom, it would harvest e-mail addresses and e-mails itself out repeatedly. Early variants MyDoom were coded to conduct DDOS attacks against other Web sites within certain time periods.

The latest MyDoom variants seen by AhnLab also include a downloader that can bring other malicious code into the compromised PC, a feature also present in earlier versions of the malware. An additional file contains details of Web site to be attacked.

It lists 13 South Korean Web sites and 23 U.S. sites, according to a Korean blogger who analyzed the source code. Most of the sites on the list are those reported to have been attacked or are still under attack.

While U.S. sites experienced problems over the weekend, in South Korea the trouble began on Tuesday night. Throughout most of Wednesday many of the Web sites, which include several high-profile properties, were unavailable.

As of 6 p.m. local time (9 a.m. GMT) government sites inaccessible are the presidential Web site, the National Assembly and those of the Foreign Affairs and National Defense ministries. Also offline are the Grand National Party, U.S. Forces Korea and the electronic banking sites of Korea Exchange Bank, Shinhan Bank and NongHyup Bank.

Shortly before 6 p.m. two major commercial sites that had been unavailable for most of the day, the Chosun Ilbo national daily and Internet Auction, reappeared. Only two of the 13 Korean sites listed had been available for most of the day: the e-mail and blog sites of major portal Naver.

AhnLab said the code has been written so its possible for the attackers to change the list of sites targeted.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

An updated version of the MyDoom virus is responsible for a large DDOS (distributed denial of service) attack that took down major U.S. Web sites over the weekend and South Korean Web sites on Wednesday

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.