RFI: DDoS Against Government and Civilian Web Sites
We are aware of an ongoing DDoS against several high-profile web sites. Public details are in these online stories:
http://blogs.csoonline.com/online_attack_hits_us_government_web_sites
http://hosted.ap.org/dynamic/stories/U/US_CYBER_ATTACK
There have also been sketchy reports that South Korean websites are experiencing outages. We are looking for any additional information, especially technical reports or packet captures. Please use our contact page.
UPDATE 1: Several news agencies are reporting that attacks in South Korea are ongoing. There are some allegations that North Korea is involved but we have not seen any technical attribution. Shadowserver's DDoS charts clearly show the increases in DDoS traffic. (see update 3 below)
UPDATE 2: Speculation on who is behind this series of attacks based on the evidence we have seen is just that, speculation. Given the mountain of evidence we have to review, judgements on attribution or motivations would be inaccurate at best and irresponsible at worst. As we analyze all the data we will hopefully be able to provide more clarity into these attacks. There do appear to be many malicious binaries responsible for this activity, and some of these binary files appear to have different target lists. - AndreL
UPDATE 3: The good people over at Shadowserver wrote to tell us that the spike in their DDoS graph is not related to the US/KR attacks. They said that the timing is just coincidental and that they have no specific statistics on the US/KR event.
UPDATE 4: Trendmicro and PandaLabs have posted lists of sites that are being attacked, as well as some other information. You can get this information at the links below. - AndreL
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.EA&VSect=T
http://pandalabs.pandasecurity.com/archive/DDoS-attacking-US-and-South-Korea-government-sites-.aspx
Marcus H. Sachs
Director, SANS Internet Storm Center
Comments
http://news.bbc.co.uk/2/hi/technology/8139821.stm
http://english.yonhapnews.co.kr/national/2009/07/08/79/0301000000AEN20090708008300315F.HTML
MajDisaster
Jul 8th 2009
1 decade ago
***************Pasted content of the email *************
Mike,
I have some important news that I wanted to share with you regarding a recent information security threat that SecureWorks has been tracking. SecureWorks Counter Threat Unit (CTU) and Joe Stewart have been analyzing the code behind the botnet launching the denial-of-service attacks against US government sites, US commercial sites and South Korean sites. Stewart was quoted in nearly 4,000 press articles for the work.
The July 4th weekend DDOS exposed a range of vulnerabilities in the attacked sites. While several ill-prepared organizations had their sites shut down, the protected ones were met with minimal disruption.
If you are interested in learning more, you can read further information about the DDOS attacks here:
New York Times: http://www.nytimes.rsvp1.com/s15040nmiit
Business Week: http://www.businessweek.rsvp1.com/s191c1nmiiv
Washington Post: http://www.washingtonpost.rsvp1.com/s15540nmiix
CIO: http://www.cio.rsvp1.com/s19581nmiiy
Along with the DDOS attacks, SecureWorks also made news this week with our acquisition of VeriSign’s MSS business (http://www.secureworks.rsvp1.com/s194c1nmiiz). SecureWorks now has over 2,600 clients worldwide and is the largest pure-play provider of Managed Security and Security-as-a-Service offerings.
If you would be interested in speaking with me or my associate, Don Addington, further about any of the above information, please do not hesitate to give me a call or respond with an email.
Have a great weekend!
******************* End of Paste ***************
Does this bother anyone else??
Mike
Jul 10th 2009
1 decade ago