NEWS FROM THE LAB - Wednesday, July 8, 2009

Lyzapo DDoS Attack on US and South Korean Websites

Posted by Mikko @ 20:05 GMT

There's a fairly large-scale DDoS attack underway, targeting several South Korean and US websites.

The sites hurt most at the moment seem to be FTC.GOV and usauctionslive.com.

[Images: usauctionslive.com and ftc.gov]

Other targets, like whitehouse.gov, seem to be unaffected (then again, whitehouse.gov runs under Akamai, making it a much harder target).

Some sources have linked this attack to the 5-year-old Mydoom worm family. Here's what we know of this: a pack of sample files related to this attack has been making the rounds between antivirus labs.

One of those files (MD5: 93322e3614babd2f36131d604fb42905) really is a Mydoom variant.

We detect it as Email-Worm.Win32.Mydoom.hw. However, we can't find any evidence that this particular file would attack any of the targets currently under DDoS.


Updated to add: More information via SANS Diary.