Alert: Cyber Attack Targeting U.S. and Korean Government, Financial and Media Sites
Written by CTA Team   
Friday, 10 July 2009 07:42

Symantec Security Response is currently monitoring a cyber attack – a distributed denial of service (DDoS) – impacting multiple U.S. and South Korean government, financial and media Web sites. A portion of the attack is being carried out by a piece of malware Symantec has identified as W32.Dozer and variants of the MyDoom worm that appear to be infecting computers globally.

W32.Dozer is a threat that is predominantly distributed as an email attachment. Once a user clicks on the attachment, the threat downloads a package onto the system that contains the following:

  • Trojan.Dozer, which is used to take over the computer for the botnet

  • A list of host sites, which tells the botnet which sites to attack

  • MyDoom worm, which is currently believed to be used for its mass mailing capabilities to redistribute W32.Dozer

Initially, it was reported that the attack leveraged more than 50,000 computers.  The size of the botnet used for this DDoS is only a fraction of the one that is still being created by Downadup/Conficker, which was estimated at a few million machines at its peak.

If the system is infected, the user may not experience any performance slowdown; however, users trying to visit the impacted sites may experience significant slowdown or be unable to access the sites.

To help stop this DDoS, Symantec encourages all computer users to update their security software with the latest definitions, keep their computer systems clean and continue to use general best practices for staying safe online.