Tuesday, September 02, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple Says ICloud Not Breached
webOS Is Still Alive With LuneOS ROM Release for Android, webOS Devices
AMD Launches AMD Radeon R9 285 Graphics, "Never Settle: Space Edition" Game Bundle
AMD Introduces New 8-core FX-series Processors
New Philips Hue Beyond Combines Functionality And Ambient Lighting for Home
LG and Samsung Add Swarovski Crystals on Their Products
Pioneer DDJ-WeGO3 Allows You To Mix Tracks from Spotify or iTunes
Apple's iCloud Could Have Allowed Celebrity Nude-Photo Leak
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > DDoS At...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 09, 2009
DDoS Attacking US and South Korea Government Sites


There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea goverment sites. The malware involved in the attack has been detected as W32/Mydoom.HN.

The worm reportedly may be received as an email attachment.

Once executed, the worm drops the following files, according to Symantec:

* %System%\[RANDOM CHARACTERS].nls
* %System%\wmcfg.exe (detected as W32.Mydoom.A@mm)
* %System%\wmiconf.dll (detected as Trojan.Dozer)
* %System%\dllcache\npptools.dll
* %System%\drivers\npf.sys
* %System%\npptools.dll
* %System%\Packet.dll
* %System%\WanPacket.dll
* %System%\wpcap.dll

The worm creates the following registry entry, so that it runs every time Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost\"wmiconf" = "WmiConfig&#"

It creates a new service with the following characteristics:

Service name: WmiConfig service
Display name: WmiConfig service
Startup Type: Automatic

The worm creates the service by adding entries to the following registry subkeys:

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiConfig
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiConfig

The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email.

South Korea's spy agency suspects North Korea is behind the series of attacks that have triggered Web site outages in South Korea and the United States.


Previous
Next
NXP and TSMC Deliver First 45nm Single-Chip Digital TV Platform        All News        Nokia Introduces the Nokia 3720 Classic
IBM Develops Shield to Mask Sensitive On-Screen Information     General Computing News      LaCie Introduces Mobile High-Definition Multimedia Player: LaCinema Rugged HD

Get RSS feed Easy Print E-Mail this Message

Related News
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet
Kaspersky Discovers New IT Virus Linked To Stuxnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .