[nsp-sec] Multiple DDoS attacks (More outbound bot IP calls)

Chris Calvert Chris.Calvert at telus.com
Thu Jul 9 15:18:38 EDT 2009


An interesting claim from an unusual source:
http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=25651

"There is currently a DDoS attack against a number of websites, most of them belong to US and South Korea government sites. The malware involved in the attack has been detected as W32/Mydoom.HN."

and

"The worm drops Trojan.Dozer, a distributed denial of service (DDoS) Trojan, and W32.Mydoom.A@mm, the component that sends out the emails with W32.Dozer attached. All of these components work together to perform the DDoS attacks and spread through email."

First time I've seen specific malware pointed at.  Anyone have information on what Dozer-related flows would look like?

Chris

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Dave Mitchell
> Sent: Wednesday, July 08, 2009 10:57 PM
> To: Dave Mitchell
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Multiple DDoS attacks (More outbound bot IP calls)
> 
> ----------- nsp-security Confidential --------


