News Stay informed about the latest enterprise technology news and product updates.

DDoS attacks hit U.S., South Korean government websites

The attacks, which started last weekend, shut down the Federal Trade Commission and Department of Transportation websites.

Security researchers and government IT personnel are investigating a series of distributed denial-of-service (DDoS) attacks wreaking havoc on U.S. and South Korean government websites.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

According to security researchers, the attacks began last weekend and were responsible for taking out the websites hosting the Federal Trade Commission and Department of Transportation, among others. A spokeswoman for the FTC did not return a phone call seeking comment.

PandaLabs, the research arm of antivirus vendor Panda Security, issued a list of websites affected by the attacks. PandaLabs technical director, Luis Corrons, said the malware involved in the attack has been detected as Mydoom.HN.

The mass-mailing worm began spreading in 2004 and quickly became substantial. At its peak, Mydoom was detected in one in 12 email messages.

The DDoS attacks appear to be originating from South Korean computers. According to news reports, South Korean officials are experiencing similar problems with the government's websites.

The attacks have been widespread and relatively unsophisticated, affecting other government websites at times as well as several sites connected to financial firms, according to security researchers who describe the attacks primarily a nuisance.

Rick Howard, director of security intelligence, at VeriSign iDefense called the attacks "run of the mill" and said security researchers believe the delivery mechanism used to create the botnet behind the attacks, was a simple spam campaign. Researchers are still trying to determine for certain if there is a command and control server behind the botnet.

"We believe this attack is nothing more than standard using old Mydoom code from 2004," Howard said. "That's what is hitting on antivirus engines right now."

Security researchers are also trying to figure out why the attacker has chosen certain websites over others. Other than some financial firms, the Washington Post is the only other organization affected by the attack.

"We don't know if it is North Korea, someone mad at the Washington Post or just a disgruntled hacker," Howard said. "We may never know."

Dig Deeper on DDoS attack detection and prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.