Post Mon Jun 11, 2007 4:11 pm

Botnet Assault: Spammers Launch DDoS Offensive

Interesting post from Ryan Naraine's blog:

The spammers behind last year’s destruction of Blue Security are back with a vengeance, using a variant of the ‘Storm Worm’ malware to launch a sustained distributed denial-of-service attack against three anti-spam services.

The ongoing attacks, which use botnets of hijacked Windows computers, successfully shut down the Web servers that power the Spamhaus Project, URIBL (Realtime URI Blacklists) and SURBL (Spam URI Realtime Blocklists).

A note from Steve Linford of the Spamhaus Project explains the assault:

The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware.

The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers.

At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal.

The attack is ongoing, but it’s being absorbed by anti-DDoS defenses. Also under attack by the same gang are SURBL and URIBL.

Storm is the ‘nightmare’ botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions: sending spam, fast-flux web and DNS hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators.

The Storm Worm Trojan has been linked to similar attacks against anti-spam services, anti-rootkit software providers and even malware researchers.


For original blog post:
http://blogs.zdnet.com/security/?p=280

Don
CISSP, MCSE, CSTA, Security+ SME