MyDoom.W, a new version of the infamous Internet worm, instructs infected computers to launch a distributed denial of service (DDoS) attack on Symantec, a leading vendor of antivirus software. Earlier versions of MyDoom orchestrated DDoS attacks that knocked out the web sites of The SCO Group and the Recording Industry Association of America (RIAA). Similar attacks on Microsoft have been unsuccessful.
MyDoom.W is lightly circulated at present, and has had no visible effect on Symantec’s operations. According to Symantec, the worm programs infected machines to send a GET request to www.symantec.com on port 80 every 300 ms from now through Oct. 1. Other antivirus firms say the attack is not scheduled to begin until Sept. 29. The antivirus vendors can’t seem to agree on a name, either, as the worm is also identified as MyDoom.X and MyDoom.Y by various providers.
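A fixed request interval like this is easy to spot in outbound proxy logs. The sketch below is an added example, not part of the original article or any vendor's tooling; the log format (`epoch_ms client_ip method host path`), the jitter tolerance, the minimum run length and the sample addresses are all assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

TARGET_HOST = "www.symantec.com"  # host named in the article
INTERVAL_MS = 300                 # request interval reported by Symantec
TOLERANCE_MS = 50                 # assumed allowance for timing jitter
MIN_REQUESTS = 10                 # assumed minimum run before flagging

def find_fixed_interval_clients(lines):
    """Return clients whose GETs to TARGET_HOST arrive on a ~300 ms beat."""
    times = defaultdict(list)
    for line in lines:
        ts, client, method, host, _path = line.split()
        if method == "GET" and host.lower() == TARGET_HOST:
            times[client].append(int(ts))
    flagged = {}
    for client, stamps in times.items():
        if len(stamps) < MIN_REQUESTS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)
        on_beat = sum(abs(g - INTERVAL_MS) <= TOLERANCE_MS for g in gaps)
        # Human browsing is bursty; a timer loop keeps nearly every gap on the beat.
        if abs(median - INTERVAL_MS) <= TOLERANCE_MS and on_beat / len(gaps) >= 0.8:
            flagged[client] = {"requests": len(stamps), "median_gap_ms": median}
    return flagged

def sample_log():
    """Constructed log lines: one timer-driven client, one browsing user,
    and one client polling an unrelated host at the same rate."""
    base = 1_096_000_000_000
    lines = []
    for i, jitter in enumerate([0, 4, -3, 7, -5, 2, 0, -6, 5, 1, -2, 3]):
        lines.append(f"{base + i * 300 + jitter} 10.0.0.23 GET www.symantec.com /")
    for off in [0, 1200, 1350, 9000, 31000, 31200, 64000, 64100, 90000, 150000]:
        lines.append(f"{base + off} 10.0.0.40 GET www.symantec.com /index.html")
    for i in range(12):
        lines.append(f"{base + i * 300} 10.0.0.51 GET intranet.example /status")
    return lines

if __name__ == "__main__":
    for client, info in find_fixed_interval_clients(sample_log()).items():
        print(client, info)
```

Only the first constructed client is flagged: the browsing user reaches the same host with irregular gaps, and the third client keeps the same rhythm against a different host.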
If the author’s intent is to interfere with Symantec’s ability to distribute virus definition updates to customers, he/she is using the wrong URL, as www.symantec.com is the company’s main business web site. Virus updates are distributed via liveupdate.symantecliveupdate.com, which uses Akamai’s content distribution network to speed downloads and defend against DDoS attacks.