MyDoom.W is lightly circulated at present, and has had no visible effect on Symantec's operations. According to Symantec, the worm programs infected machines to send a GET request to www.symantec.com on port 80 every 300ms from now through Oct. 1. Other antivirus firms say the attack is not scheduled to begin until Sept. 29. The antivirus vendors can't seem to agree on a name, either, as the worm is also identified as MyDoom.X and MyDoom.Y by various providers.
If the author's intent is to interfere with Symantec's ability to distribute virus definition updates to customers, he/she is using the wrong URL, as www.symantec.com is the company's main business web site. Virus updates are distributed via liveupdate.symantecliveupate.com, which uses Akamai's content distribution network to speed downloads and defend against DDoS attacks.
Posted by Rich Miller in Performance
Your link here? Advertising on the Netcraft Blog