IssuemakersLab's 7.7 DDoS presentation describes a hierarchical botnet used in the July 2009 attacks against South Korean and U.S. government, media, and financial websites. The malware family included file-information stealers, DDoS components, spam comp…
2009 (7 reports)
The July 2009 DDoS activity began against major U.S. sites and then affected Korean public, government, and private-sector services from July 7 through July 10. The malware chain used Windows Installer msiexec.exe to download and run msiexec variants that…
Cisco Systems Korea’s July 2009 briefing describes four waves of 7.7 DDoS attacks against U.S. and South Korean government, financial, media, portal, and security sites from July 5-10. The presentation estimates roughly 100,000-200,000 zombie PCs, with Ci…
FireEye analyzed the July 2009 DDoS activity that disrupted major U.S. and South Korean websites and found destructive malware behavior after the DDoS phase ended. A service component named mstimer.dll triggered wversion.exe after July 10, causing the mal…
Symantec reported that several U.S. and South Korean government, financial, and media websites were taken offline around July 4 by coordinated DDoS activity. The malware chain involved W32.Dozer, Trojan.Dozer, W32.Mydoom.A@mm, and W32.Mytob!gen: Mytob gat…
The 7.7 DDoS malware analysis documents how `msiexec2.exe` and `perfvwr.dll` supported the July 2009 denial-of-service attacks against South Korean and U.S. websites. `msiexec2.exe` set its working directory to the Windows system directory, created `uregv…
South Korea's National Intelligence Service reported a large DDoS campaign on July 7 targeting 26 major South Korean and U.S. websites, including the Blue House, Ministry of National Defense, and White House. Analysis of recovered malware found embedded I…