Born on the 4th of July

2009-07-09 Symantec

https://www.symantec.com/connect/blogs/born-4th-july


Symantec reported that several U.S. and South Korean government, financial, and media websites were taken offline around July 4 by coordinated DDoS activity. The malware chain involved W32.Dozer, Trojan.Dozer, W32.Mydoom.A@mm, and W32.Mytob!gen: Mytob gathered email addresses and mailed the Dozer dropper, which installed Trojan.Dozer and Mydoom components on compromised systems. Trojan.Dozer functioned as a backdoor, contacted hardcoded IP addresses over TCP ports 53, 80, and 443, and could receive commands to update itself, report DDoS status, or launch HTTP GET/POST, UDP, ICMP, TCP ACK, and TCP SYN flood attacks against predetermined targets. The report recommends keeping security software current, filtering email attachments, and blocking the observed command-and-control IP addresses to reduce the impact of the Mydoom/Dozer activity.

Indicators of Compromise

Type   Value            First Seen   Last Seen
IPv4   213.23.243.210   2009-07-09   2009-11-08
IPv4   213.33.116.41    2009-07-09   2009-11-08
IPv4   216.199.83.203   2009-07-09   2009-11-08
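A defender-side check that turns the indicators above into detection logic: it scans firewall connection records for traffic to the three listed command-and-control addresses and notes whether the destination port is one of the TCP ports (53, 80, 443) the report says Trojan.Dozer used. This is an added example, not code from Symantec or the report; the log line format and the sample records are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Command-and-control addresses from the indicators table above.
DOZER_C2_IPS = {"213.23.243.210", "213.33.116.41", "216.199.83.203"}
# TCP ports the report says Trojan.Dozer used to reach them.
DOZER_C2_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str
    dst: str
    proto: str
    port: int
    matches_beacon_pattern: bool  # TCP to one of the reported C2 ports


def parse_line(line):
    """Parse one constructed record: '<timestamp> <proto> <src_ip> <dst_ip> <dst_port>'.
    Returns None for malformed lines so one bad record does not abort the scan."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    return ts, proto.upper(), src, dst, port


def find_dozer_c2_traffic(lines):
    """Flag every connection to a listed C2 address (the report advises blocking
    them outright) and mark those that also fit the described TCP beacon pattern."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, proto, src, dst, port = rec
        if dst in DOZER_C2_IPS:
            beacon = proto == "TCP" and port in DOZER_C2_PORTS
            hits.append(Hit(ts, src, dst, proto, port, beacon))
    return hits


def hosts_to_isolate(hits):
    """Internal sources that talked to C2: candidates for triage and cleanup."""
    return sorted({h.src for h in hits})


# Constructed sample records (not real log data).
SAMPLE_LOG = [
    "2009-07-07T02:14:05Z TCP 10.1.4.22 213.23.243.210 443",
    "2009-07-07T02:14:09Z TCP 10.1.4.22 8.8.8.8 53",
    "2009-07-07T02:15:11Z UDP 10.1.4.22 216.199.83.203 53",
    "2009-07-07T02:16:40Z TCP 10.1.7.9 213.33.116.41 80",
    "malformed record",
]
```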
