Dozer DDOS


Incident/threat: DDOS attacks impacting U.S. and South Korean government, financial and media Web sites.

Worried about the Dozer DDOS? Don’t Be


This week’s news has been full of alarmist stories of a cyber-attack on the US and S. Korea.

Don’t be alarmed. These attacks won’t be noticed by most people and are no more than an inconvenience to those who do notice them. A few web sites, including some prominent government and commercial sites, may be slow to reach. However, most of the attacked sites have response plans in place and have not been significantly affected by the attacks.

If you have Norton AntiVirus, Norton Internet Security or Norton 360, you are protected from the software that is the source of these attacks: software called W32.Dozer and variants of the MyDoom and W32.Mytob!gen worms.

Users who are not running Norton security software and who are infected by one or more of these worms are at serious risk of data loss. This attack will attempt to delete all data files on the infected computer and damage the computer’s master boot record, making the computer unbootable without a recovery disk.

Symantec Response has posted a blog entry with more information: http://www.symantec.com/connect/blogs/born-4th-july

How does the attack work?

DDoS (distributed denial of service) attacks try to block access to web sites by overwhelming those sites with traffic. To generate the traffic, attackers infect and remotely control other people’s computers. These infected computers (called zombies) are assembled into a network (or botnet) that can be commanded to send network traffic to the targeted web sites simultaneously. The botnet responsible for the latest wave of attacks on US and S. Korean web sites seems to comprise up to 50,000 infected computers. Some botnets have commanded over 5 million computers.

The worms behind the attack spread primarily by email.

Who is at risk?

Users who are not running a strong internet security suite are at risk of being infected. Once a system is infected, the worms will attempt to delete most data files on it and then delete the computer’s master boot record (MBR), making the computer unbootable without a rescue disk. All users may have difficulty accessing a long list of US and S. Korean government web sites as well as a few commercial sites.

What to do?

To avoid having their computers included in a botnet, users are advised to install Norton Internet Security 2009. Unlike free virus scanners, Norton products will detect not just viruses but also attempts to hack your computer or to take advantage of new weaknesses or vulnerabilities.

Advice to Stay Safe:

  1. Run a good security suite (we are partial to Norton Internet Security and Norton 360).
  2. Keep your computer updated with the latest patches and updates.
  3. Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service.
  4. Back up your computer.
  5. Check your bank and credit card accounts regularly to ensure that all transactions are legitimate.

FAQ

Q. I only use the internet to check my email and to read the news. Am I at risk?
A. Yes. Malware can spread in many different ways, including being dropped onto your system by an infected web site, through files spread by email and instant messaging, and even through programs hidden on memory sticks and other peripherals. The particular worm behind this attack spreads primarily by email. However, even if you use the internet for only the most basic of services, you need security.

Q. How do I know if I am infected?
A. The only reliable way to know if you are infected is to scan your computer with a good security product. Most virus writers attempt to hide their activities. Users may be infected for months without realizing that their computer has been compromised.
