By Robert Westervelt | Jul 9, 2009
Security researchers and government IT personnel are investigating a series of distributed denial-of-service (DDoS) attacks wreaking havoc against US and South Korean government websites.
According to security researchers, the attacks began last weekend and were responsible for taking out the websites hosting the Federal Trade Commission and Department of Transportation, among others. A spokeswoman for the FTC did not return a phone call seeking comment.
PandaLabs, the research arm of antivirus vendor Panda Security, issued a list of websites affected by the attacks [8]. PandaLabs technical director, Luis Corrons, said the malware involved in the attack has been detected as Mydoom.HN.
The mass-mailing worm began spreading in 2004 and quickly became widespread. At its peak, Mydoom was detected in one in 12 email messages.
The DDoS attacks appear to be originating from South Korean computers. According to news reports [9], South Korean officials are experiencing similar problems with the government's websites.
The attacks have been widespread and relatively unsophisticated, affecting other government websites at times as well as several sites connected to financial firms, according to security researchers, who describe the attacks as primarily a nuisance.
Rick Howard, director of security intelligence at VeriSign iDefense, called the attacks "run of the mill" and said security researchers believe the delivery mechanism used to create the botnet behind the attacks was a simple spam campaign. Researchers are still trying to determine for certain whether there is a command and control server behind the botnet.
"We believe this attack is nothing more than standard using old Mydoom code from 2004," Howard said. "That's what is hitting on antivirus engines right now."
Security researchers are also trying to figure out why the attacker has chosen certain websites over others. Other than some financial firms, the Washington Post is the only other organization affected by the attack.
"We don't know if it is North Korea, someone mad at the Washington Post or just a disgruntled hacker," Howard said. "We may never know."
Links:
[8] http://pandalabs.pandasecurity.com/archive/DDoS-attacking-US-and-South-Korea-government-sites-.aspx
[9] http://www.nytimes.com/2009/07/09/technology/09cyber.html?_r=1&hp