Wednesday, March 04, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
IBM Buys AlchemyAPI
New Toshiba Smartwatch Reference Model features Bluetooth connectivity and Qi Wireless Charging
Samsung Expands Digital Display Portfolio with YESCO Electronics Acquisition
LG To Launch New Flagship Smartphone
Valve Reveals Steam Link Box For Steam In-home Game Streaming
NVIDIA Launches Shield Android Console That Streams PC Games from the Cloud
Sony's Project Morpheus Upgraded, Coming in 2016
Google Says Android Lollipop Does Not Encrypt Data Due To Performance Issues
Active Discussions
Need serious help!!!!
burning
nvidia 6200 review
Hello
Burning Multimedia in track 0
I'm lazy. Please help.
sanyo e6 camera
need help on some cd burning...
 Home > News > General Computing > DDoS At...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 09, 2009
DDoS Attacking US and South Korea Government Sites


There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea goverment sites. The malware involved in the attack has been detected as W32/Mydoom.HN.

The worm reportedly may be received as an email attachment.

Once executed, the worm drops the following files, according to Symantec:

* %System%\[RANDOM CHARACTERS].nls
* %System%\wmcfg.exe (detected as W32.Mydoom.A@mm)
* %System%\wmiconf.dll (detected as Trojan.Dozer)
* %System%\dllcache\npptools.dll
* %System%\drivers\npf.sys
* %System%\npptools.dll
* %System%\Packet.dll
* %System%\WanPacket.dll
* %System%\wpcap.dll

The worm creates the following registry entry, so that it runs every time Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#"

It creates a new service with the following characteristics:

Service name: WmiConfig service
Display name: WmiConfig service
Startup Type: Automatic

The worm creates the service by adding entries to the following registry subkeys:

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email.

South Korea's spy agency suspects North Korea is behind the series of attacks that have triggered Web site outages in South Korea and the United States.


Previous
Next
NXP and TSMC Deliver First 45nm Single-Chip Digital TV Platform        All News        Nokia Introduces the Nokia 3720 Classic
IBM Develops Shield to Mask Sensitive On-Screen Information     General Computing News      LaCie Introduces Mobile High-Definition Multimedia Player: LaCinema Rugged HD

Get RSS feed Easy Print E-Mail this Message

Related News
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .