[ISN] Symantec website under DDoS attack

From: InfoSec News (isn@private)
Date: Tue Jul 19 2005 - 01:48:48 PDT


http://software.silicon.com/malware/0,3800003100,39150478,00.htm

By Dan Ilett
18 July 2005

An email worm is recruiting computers for a coordinated attack on
antivirus vendor Symantec's website.

Since Friday, email filtering vendor MessageLabs has intercepted
13,717 copies of the worm, dubbed Breatel.A-mm, and has issued a
medium-level warning.

The worm travels as an email attachment, under the subject lines:  
"Message could not be delivered", "Error", or "Mail Delivery System".

If the attached file is opened, the computer connects to a botnet - a
network of thousands of hacker-controlled computers used for illegal
activity - and begins to send data to the Symantec website in the hope
of crashing it.

According to antivirus company F-Secure, the worm attachment contains
a message to Symantec that says: "easy to talk but hard to work :)  
what about working in symantec? :P it is not only a mass mail worm it
is also a lsass worm :)"

A Symantec spokesman said that the company's infrastructure was built
to withstand such attacks.

The first copy of the worm was sent from Northern Ireland, MessageLabs
said.



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com 



This archive was generated by hypermail 2.1.3 : Tue Jul 19 2005 - 01:53:48 PDT