Symantec under attack from MyDoom

Virus writers are targeting Symantec's Web site with a coordinated denial-of-service attack
Written by Dan Ilett, Contributor
Antivirus firm Symantec is facing a denial-of-service attack on its Web site from the latest version of the MyDoom worm.

Authors of MyDoom.X have planned the coordinated attack for 29 September this year.

A spokeswoman from Symantec said: "The team is currently analysing this. They haven't received a single submission yet, which indicates that it's not a big problem and there's no need to panic. We are being vigilant about this."

According to antivirus firm Sophos, the worm is not widespread. Sophos warned its customers about the worm this morning.

"It shows the animosity that's going on at the moment," said Graham Cluley, senior technology consultant for Sophos. "An attack like this is clearly criminal and these people need to be reprimanded. It shouldn't bring down someone like Symantec though."

An attack on Symantec's site would not be the first MyDoom DDOS assault. Earlier this year, worm writers successfully brought down the SCO Web site for several months in a similar MyDoom denial-of-service attack.

The authors of the MyDoom U,V and W worms may also have revealed a new motive for their attacks. They've embedded a message in these variants of the worm asking for jobs in the antivirus industry.

MyDoom U,V and W contain the message: "We searching 4 work in AV industry," according to Sophos. However, the tactic is unlikely to endear them to their target employers. Cluley said: "It's very simple. If you write a virus, we will never ever employ you."

These variants of the worms travel as email attachments, and if executed download a Trojan called Surila, opening a back door that allows remote control of the victim's computer.

Editorial standards