Symantec Blogs: Security Response

Dave Cole | January 25th, 2007

We’re happy to report that so far today, Peacomm and Mixor.Q activity is lighter than the maelstrom of activity we’ve seen in previous days. We’ve noted no new spam runs today, with the malware submissions and activity levels tapering off a bit as well. Phew! Our Security Response team in Pune, India, has pulled together a slick Flash-based run-through of the attack, which can be viewed using the following URL:
http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html

Just a little more info on this threat you may not have heard before—it is communicating over peer-to-peer using the Overnet protocol and network (of eDonkey fame). After connecting to the network, the threat then searches for some particular hashes (searches are done by hash, not by specific filename) and eventually it receives a reply that includes some 'meta tag' information...

Dave Cole | May 8th, 2006

Back in the wild and wooly pre-bust days of ’98, distributed denial of service attacks (DDoS) knocked the froth off of some very high-profile Web sites. Backed by malcode like Trin00 and Stacheldraht, the attacks made headlines everywhere, as online businesses that were the frontrunners of the emerging Internet economy were unexpectedly closed for business while they did battle with the legions of zombie computers slinging packets at them and tying up their systems.

So here we are, approximately eight years later. Trin00 and Stacheldraht have been replaced by much more powerful, multi-purpose successors like Spybot and Gaobot. And the attacks keep coming. The latest Symantec Internet Security Threat Report (March 2006) showed a 51% increase in denial of service attacks. The previous period (January 2005 to June 2005) was characterized by a gaudy 680% growth, as attacks surged from 119 per day to 927 per day. The number for the second half of 2005 now...