
 

                                                   JPCERT-AT-2009-0012
                                                             JPCERT/CC
                                                            2009-07-10

                  <<< JPCERT/CC Alert 2009-07-10 >>>

   DDoS attacks observed relating to South Korea and United States

            https://www.jpcert.or.jp/at/2009/at090012.txt

I. Overview

  JPCERT/CC has obtained information regarding DDoS attacks launched 
against government and financial institutions in South Korea and the
United States.  Due to these attacks, connecting to affected web sites
has become impossible or very slow.
  
  These attacks are being carried out by hosts infected with a 
particular virus which contains a pre-determined list of targets to
overwhelm with traffic and make unavailable.  The virus used not only
attacks the listed targets, but also deletes data from the infected
host under specific conditions.
  
  Japanese domestic situation:
  As of 17:00 July 10 2009, no Japanese hosts appear to be targeted by
  the attack.  However, JPCERT/CC has received reports from KrCERT/CC 
  (Korea) that a number of Japanese hosts are involved in sending 
  attack traffic to targeted sites.
  
  Owing to the existence of these infected hosts in Japan and to 
attempt to prevent an increase in the number of infected machines,
JPCERT/CC is issuing this alert for network owners to be aware of the
potential for such hosts on their networks.
  

II. Response

  Details regarding the spread of this malware are presently unclear;
however, to prevent hosts becoming part of the attack, it is important
to consider the following general countermeasures:

  - Be careful about opening suspicious emails or web sites;
  - Run the most recent version of your operating system and 
    applications;
  - Use anti-virus software, making sure that pattern files are kept 
    up to date;
  - Run anti-virus system scans on a regular basis to check for
    infections;
  - Uninstall unnecessary applications.
  
  It is likely that future attacks with utilize different 
vulnerabilities, so it is recommended that these countermeasures are 
performed on a continual basis.


III. References

    OS update:
    Microsoft Update
    https://update.microsoft.com/

    Windows Update
    https://windowsupdate.microsoft.com/

    Application updates:
    Office Update
    http://office.microsoft.com/officeupdate/default.aspx

    Adobe Flash Player Version Test
    http://kb2.adobe.com/cps/155/tn_15507.html

    Adobe.com
    New downloads
    http://www.adobe.com/support/downloads/new.jsp

    MIC and METI Bot Countermeasure Project
    Cyber Clean Center ( CCC )
    https://www.ccc.go.jp/index.html

    WORM_MYDOOM.EA
    http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.EA&VSect=S

    W32/Mydoom.cf
    http://www.mcafee.com/japan/security/virM.asp?v=W32/Mydoom.cf


  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
https://www.jpcert.or.jp/