The ongoing DDoS attacks that have been targeting a series of U.S. government sites as well as some commercial sites are likely not the work of any government organization and are being executed by an old piece of malware that is designed to ruin files on infected PCs rather than steal data, experts say.
The attacks, which appear to have started late last week, have targeted several government sites, including FTC.gov and others, and involve a five-year-old family of malware known as MyDoom. There has been widespread speculation that the attacks are the work of a foreign government, but experts say that the somewhat amateurish nature of the campaign makes that unlikely. Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said that the attacks are more likely the work of a less-sophisticated attacker.
The MyDoom file that is downloaded to infected machines exhibits some odd behavior, including destroying the master boot record on the machine. The file also doesn’t update itself automatically, and instead of emailing a copy of itself to other users, it sends out a RAR file, Schouwenberg said.
“It appears that these attacks are coordinated, however there is no proof that any government is involved. The interesting part of the attacks is that it appears that the intention of the file that is being downloaded by the malware is to destroy the machine rather than to harvest sensitive data,” he said. “This points to a hooligan rather than a sophisticated cybercriminal group.”
The DDoS component of the malware seems to be working just fine, however. The malware contains a list of target sites, which is being updated on the fly. The attacks have brought a number of sites down, or severely crippled their response times over the last several days.