
Al-Arab Blog - مدونة العرب

Iraqi Quagmire for The American Empire

2004/01/29

Targeting The Big Corps : NEW Virus : Mydoom.B DDOS Attack Thread every 1024 milliseconds

F-Secure Computer Virus Information Pages: Mydoom.B







Payload

The worm will perform a DDoS attack against www.microsoft.com on 3rd of February 2004 at 13:09:18 (UTC) and www.sco.com on 1st of February 2004 at 16:09:18 (UTC).

The DDoS attack launches 8 threads against www.sco.com every 1024 milliseconds.

The other DDoS attack launches 14 threads against www.microsoft.com every 1024 milliseconds.

The hosts file in the infected machines will be modified so that domains belonging to Anti-Virus companies and other commercial sites are resolved to the IP address 0.0.0.0, rendering them inaccessible.

The full contents of this file follow (the file is encrypted within the worm's code):


0.0.0.0 engine.awaps.net awaps.net www.awaps.net ad.doubleclick.net
0.0.0.0 spd.atdmt.com atdmt.com click.atdmt.com clicks.atdmt.com
0.0.0.0 media.fastclick.net fastclick.net www.fastclick.net ad.fastclick.net
0.0.0.0 ads.fastclick.net banner.fastclick.net banners.fastclick.net
0.0.0.0 www.sophos.com sophos.com ftp.sophos.com f-secure.com www.f-secure.com
0.0.0.0 ftp.f-secure.com securityresponse.symantec.com
0.0.0.0 www.symantec.com symantec.com service1.symantec.com
0.0.0.0 liveupdate.symantec.com update.symantec.com updates.symantec.com
0.0.0.0 support.microsoft.com downloads.microsoft.com
0.0.0.0 download.microsoft.com windowsupdate.microsoft.com
0.0.0.0 office.microsoft.com msdn.microsoft.com go.microsoft.com
0.0.0.0 nai.com www.nai.com vil.nai.com secure.nai.com www.networkassociates.com
0.0.0.0 networkassociates.com avp.ru www.avp.ru www.kaspersky.ru
0.0.0.0 www.viruslist.ru viruslist.ru avp.ch www.avp.ch www.avp.com
0.0.0.0 avp.com us.mcafee.com mcafee.com www.mcafee.com dispatch.mcafee.com
0.0.0.0 download.mcafee.com mast.mcafee.com www.trendmicro.com
0.0.0.0 www3.ca.com ca.com www.ca.com www.my-etrust.com
0.0.0.0 my-etrust.com ar.atwola.com phx.corporate-ir.net

An additional line is added before the date when the attack against Microsoft begins:

0.0.0.0 www.microsoft.com

This will make the site inaccessible. On the 3rd of February the entry will be removed so the attack can be performed, which will probably cause some difficulties reaching it, if the DDoS is successful.

The modifications in the hosts file are probably targeted so that customers of the most widespread Anti-Virus products can't download new updates to disinfect the worm.
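A hosts-file check a defender could run for the tampering described above, as an added example that is not part of the F-Secure description or of this blog post. The watchlist, the function names and the sample input are assumptions made for illustration; the sample lines are copied from the listing above.

```python
import ipaddress

# Assumption: a sample watchlist drawn from the listing above; extend it locally.
WATCHED_SUFFIXES = (
    "symantec.com", "mcafee.com", "f-secure.com", "sophos.com",
    "nai.com", "trendmicro.com", "avp.ru", "ca.com", "microsoft.com",
)

def is_sinkhole(addr):
    """True for unspecified (0.0.0.0, ::) or loopback addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # first field is not an IP address at all
    return ip.is_unspecified or ip.is_loopback

def watched(host):
    """True if host is a watched domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_hosts_entries(text):
    """Return (line_number, address, hostname) for watched names pinned to a sinkhole."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for host in fields[1:]:  # one line may carry several hostnames
            if watched(host):
                findings.append((lineno, fields[0], host))
    return findings

# Constructed sample: a default entry plus lines copied from the listing above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ftp.f-secure.com securityresponse.symantec.com
0.0.0.0 my-etrust.com ar.atwola.com phx.corporate-ir.net
# 0.0.0.0 update.symantec.com  (commented out, ignored)
0.0.0.0 www.microsoft.com
"""

if __name__ == "__main__":
    for lineno, addr, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}")
```

On a live system, pass the function the text of the machine's own hosts file instead of the sample.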


Creative Commons License
This work is licensed under a Creative Commons License