Symantec's security response department is currently monitoring a distributed denial-of-service (DDoS) attack that is severely affecting many media, financial and government sites in the US and South Korea.
Part of this attack was carried out by malware that Symantec identified as W32.Dozer, together with variants of the MyDoom worm, which appear to have infected many computers globally.
W32.Dozer is a threat that is often distributed as an email attachment. When a user clicks on the attachment, the threat drops a package onto the system containing the following components:
The Trojan.Dozer worm, which is used to control the computer as part of the botnet.
A list of host addresses, which tells the botnet which sites to attack.
The MyDoom worm, which is thought to be used to send large volumes of spam to distribute W32.Dozer.
Initially, it was reported that this attack made use of more than 50,000 computers. The botnet used for this DDoS attack is only half the size of the number of machines infected with the Downadup / Conficker worm, which is estimated to have infected several million computers at the peak of its activity.
If a system is infected, the user may not notice any decrease in system performance. However, when users try to access restricted sites, they will see significant performance degradation and will not be able to access these pages.
To help prevent this type of DDoS attack, Symantec recommends that computer users update their security software with the latest virus definitions, always scan their systems for viruses, and regularly follow best practices for safe Internet browsing.