Latest MyDoom DDoS Targets Symantec
16th September, 2004
MyDoom.W is lightly circulated at present, and has had no visible effect on Symantec's operations. According to Symantec, the worm programs infected machines to send a GET request to www.symantec.com on port 80 every 300ms from now through Oct. 1. Other antivirus firms say the attack is not scheduled to begin until Sept. 29. The antivirus vendors can't seem to agree on a name, either, as the worm is also identified as MyDoom.X and MyDoom.Y by various providers.
If the author's intent is to interfere with Symantec's ability to distribute virus definition updates to customers, he/she is using the wrong URL, as www.symantec.com is the company's main business web site. Virus updates are distributed via liveupdate.symantecliveupate.com, which uses Akamai's content distribution network to speed downloads and defend against DDoS attacks.