Saturday, August 01, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Sees Growth Beyond The Desktop With Windows 10
Yahoo Gets Fashionable With Acquisition Of Polyvore
NVIDIA Recalls SHIELD Tablets Due To Battery Issues
Firefox Attacks Microsoft Over Default Browser in Windows 10
Sharp to Exit Americas TV Market
Researchers Showcase Javascript-based Attack On a Computer's DRAM
Hackers Used Twitter hashtags To Extract Data From Compromised Networks
Facebook Unveils New Security Checkup Tool
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > DDoS At...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 09, 2009
DDoS Attacking US and South Korea Government Sites


There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea goverment sites. The malware involved in the attack has been detected as W32/Mydoom.HN.

The worm reportedly may be received as an email attachment.

Once executed, the worm drops the following files, according to Symantec:

* %System%\[RANDOM CHARACTERS].nls
* %System%\wmcfg.exe (detected as W32.Mydoom.A@mm)
* %System%\wmiconf.dll (detected as Trojan.Dozer)
* %System%\dllcache\npptools.dll
* %System%\drivers\npf.sys
* %System%\npptools.dll
* %System%\Packet.dll
* %System%\WanPacket.dll
* %System%\wpcap.dll

The worm creates the following registry entry, so that it runs every time Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#"

It creates a new service with the following characteristics:

Service name: WmiConfig service
Display name: WmiConfig service
Startup Type: Automatic

The worm creates the service by adding entries to the following registry subkeys:

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email.

South Korea's spy agency suspects North Korea is behind the series of attacks that have triggered Web site outages in South Korea and the United States.


Previous
Next
NXP and TSMC Deliver First 45nm Single-Chip Digital TV Platform        All News        Nokia Introduces the Nokia 3720 Classic
IBM Develops Shield to Mask Sensitive On-Screen Information     General Computing News      LaCie Introduces Mobile High-Definition Multimedia Player: LaCinema Rugged HD

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .