Sunday, November 23, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Regin Trojan Enables Stealthy Surveillance: Symantec
ASTC Says 100 TB HDDs Coming in 2025
Alienware Alpha PC Gaming Console Now Shipping
Samsung Files ITC Complaint Against Nvidia
Europe To Ask Google Unlink Its Commercial And Search Services
Streaming TV Service Aereo Files for Bankruptcy
Square Launches Cash Register Service
Call of Duty: Advanced Warfare is the Biggest Entertainment Launch of 2014
Active Discussions
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
How to generate lots of different CDs quickly
 Home > News > General Computing > DDoS At...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 09, 2009
DDoS Attacking US and South Korea Government Sites


There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea goverment sites. The malware involved in the attack has been detected as W32/Mydoom.HN.

The worm reportedly may be received as an email attachment.

Once executed, the worm drops the following files, according to Symantec:

* %System%\[RANDOM CHARACTERS].nls
* %System%\wmcfg.exe (detected as W32.Mydoom.A@mm)
* %System%\wmiconf.dll (detected as Trojan.Dozer)
* %System%\dllcache\npptools.dll
* %System%\drivers\npf.sys
* %System%\npptools.dll
* %System%\Packet.dll
* %System%\WanPacket.dll
* %System%\wpcap.dll

The worm creates the following registry entry, so that it runs every time Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#"

It creates a new service with the following characteristics:

Service name: WmiConfig service
Display name: WmiConfig service
Startup Type: Automatic

The worm creates the service by adding entries to the following registry subkeys:

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email.

South Korea's spy agency suspects North Korea is behind the series of attacks that have triggered Web site outages in South Korea and the United States.


Previous
Next
NXP and TSMC Deliver First 45nm Single-Chip Digital TV Platform        All News        Nokia Introduces the Nokia 3720 Classic
IBM Develops Shield to Mask Sensitive On-Screen Information     General Computing News      LaCie Introduces Mobile High-Definition Multimedia Player: LaCinema Rugged HD

Get RSS feed Easy Print E-Mail this Message

Related News
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .