Tuesday, November 24, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Black Friday Deals on Microsoft device
AMD Ends Driver Support For Radeon HD 5000 and 6000 series
New AMD Radeon Software Crimson Edition Available For Download
ASUS RoG Announces Maximus VIII Hero Alpha
Apple To Brings Apple Pay To China
Xiaomi Launches New Redmi Note 3 Smartphone And Mi Pad 2 Tablet
Dell Says Security Hole Identified In Some Laptops
Sony PlayStation 4 Now Available For $299
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > DDoS At...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 09, 2009
DDoS Attacking US and South Korea Government Sites

There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea goverment sites. The malware involved in the attack has been detected as W32/Mydoom.HN.

The worm reportedly may be received as an email attachment.

Once executed, the worm drops the following files, according to Symantec:

* %System%\[RANDOM CHARACTERS].nls
* %System%\wmcfg.exe (detected as W32.Mydoom.A@mm)
* %System%\wmiconf.dll (detected as Trojan.Dozer)
* %System%\dllcache\npptools.dll
* %System%\drivers\npf.sys
* %System%\npptools.dll
* %System%\Packet.dll
* %System%\WanPacket.dll
* %System%\wpcap.dll

The worm creates the following registry entry, so that it runs every time Windows starts:

NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#"

It creates a new service with the following characteristics:

Service name: WmiConfig service
Display name: WmiConfig service
Startup Type: Automatic

The worm creates the service by adding entries to the following registry subkeys:

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email.

South Korea's spy agency suspects North Korea is behind the series of attacks that have triggered Web site outages in South Korea and the United States.

NXP and TSMC Deliver First 45nm Single-Chip Digital TV Platform        All News        Nokia Introduces the Nokia 3720 Classic
IBM Develops Shield to Mask Sensitive On-Screen Information     General Computing News      LaCie Introduces Mobile High-Definition Multimedia Player: LaCinema Rugged HD

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .