DDoS attacks hit U.S., South Korean government websites

By Robert Westervelt, News Editor 08 Jul 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Security researchers and government IT personnel are investigating a series of distributed denial-of-service (DDoS) attacks wreaking havoc on U.S. and South Korean government websites.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

According to security researchers, the attacks began last weekend and were responsible for taking out the websites hosting the Federal Trade Commission and Department of Transportation, among others. A spokeswoman for the FTC did not return a phone call seeking comment.

PandaLabs, the research arm of antivirus vendor Panda Security, issued a list of websites affected by the attacks. PandaLabs technical director, Luis Corrons, said the malware involved in the attack has been detected as Mydoom.HN.

The mass-mailing worm began spreading in 2004 and quickly became substantial. At its peak, Mydoom was detected in one in 12 email messages.

The DDoS attacks appear to be originating from South Korean computers. According to news reports, South Korean officials are experiencing similar problems with the government's websites.

The attacks have been widespread and relatively unsophisticated, affecting other government websites at times as well as several sites connected to financial firms, according to security researchers who describe the attacks primarily a nuisance.

Rick Howard, director of security intelligence, at VeriSign iDefense called the attacks "run of the mill" and said security researchers believe the delivery mechanism used to create the botnet behind the attacks, was a simple spam campaign. Researchers are still trying to determine for certain if there is a command and control server behind the botnet.

"We believe this attack is nothing more than standard using old Mydoom code from 2004," Howard said. "That's what is hitting on antivirus engines right now."

Security researchers are also trying to figure out why the attacker has chosen certain websites over others. Other than some financial firms, the Washington Post is the only other organization affected by the attack.

"We don't know if it is North Korea, someone mad at the Washington Post or just a disgruntled hacker," Howard said. "We may never know."

Tags: Denial of Service (DoS) Attack Prevention,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Denial of Service (DoS) Attack Prevention Web application attacks security guide: Preventing attacks and flaws DDoS attack strikes UltraDNS, affects Amazon, Wal-Mart VeriSign extends DDoS attack protection service Conficker authors prepping for next stage, researcher says Latest DDoS attacks extremely unsophisticated, experts say How to prevent a denial-of-service (DoS) attack I'll be watching you: Wireless IPS How to prevent DDoS attacks on websites How to prevent network denial-of-service attacks What are 'phlashing' attacks? Denial of Service (DoS) Attack Prevention Research Emerging Information Security Threats Leverage Google Attacks to Improve Cybersecurity SCADA system, critical infrastructure security lacking, survey finds Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Information security podcasts: 2009 archive Hathaway calls for international cybercrime task force Active PDF attacks target Reader, Acrobat zero-day vulnerability Sites hit with massive automated SQL injection attack Cybercriminals invest in social networking attacks Best practices for (small) botnets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Electrohippies Collective  (SearchSecurity.com) packet monkey  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary