50,000 'zombies' triggered recent denial of service attacks
The recent distributed denial of service attacks on key U.S. and South Korean Web sites were unleashed by a botnet consisting of around 50,000 computers. Canadian security experts tell you why these attacks are so deadly and how to protect yourself.
7/10/2009 6:00:00 AM By: Nestor E. Arellano
A report from security firm Symantec Corp. said the botnet that perpetrated the recent distributed denial of service (DDoS) attacks on several key U.S. and South Korean government, financial and media Web sites used around 50,000 zombie computers.
Size-wise, though, that's a mere fraction of the botnet created by the Downadup/Conficker worm, which estimates say included a few million machines at its peak.
Earlier this week, the Symantec Security Response unit began monitoring a DDoS attack that is believed to have started sometime Monday. A third wave is believed to have begun Thursday.
High-profile U.S. Web sites affected include: the White House site; Web sites for the Department of Homeland Defense, the State and the U.S. Treasury, and the Washington Post, among others.
Targets in South Korea included: the South Korean President's homepage; sites for U.S. forces in Korea; Internet Auction, one of the country's largest online auction services; the Kookmin Bank, and the site for Chosun Ilbo daily newspaper.
Canadian firms or individuals transacting with these sites would likely have experienced slower service if they are able to enter the site at all, said Dean Turner, Toronto, Canada-based director of global intelligence network at security software firm Symantec Corp. headquartered in Cupertino, Calif.
"Generally there's a slowdown or disruption of service, which can be very inconvenient for people visiting these sites."
Worries aplenty, options few
Canadian security experts who've followed such attacks closely say they leave hapless victims with few options.
All they can do is batten the hatches, hunker down and seek "upstream intervention" to cut down the massive online traffic overloading their network.
There's really very little an outfit hit with such an attack can do to stop the threat, and that's the biggest problem with DDoS, says James Quin, senior research analyst at Info-Tech Research Group, based in London, Ont.
He said businesses and public sector organizations could provision greater bandwidth to cope with the online traffic surge. But there's no guarantee an attacker won't be able to flood that level of connectivity.
"The only real option is to work with your Internet Service Provider (ISP) to implement upstream filtering," the analyst said.






