Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The attack may have started during the July 4 weekend, but seemed to have peaked yesterday, Rick Howard, intelligence director for VeriSign iDefense, told SCMagazineUS.com. One of the hardest hit government sites was the US Federal Trade Commission's, but other US government sites have been able to mitigate the effect.“Most of the US government sites have handled it without too much of a problem,” Howard said. “But there have been problems on the South Korean side.”The code itself is not new or particularly sophisticated. It seems to be a variant of the MyDoom worm that first hit in 2004.“We have a copy of the malicious code that is doing it. It is not that exciting in terms of new and interesting things – it's a middle-of-the-road DDoS attack trojan,” Howard said. “There may not even be a command-and-control server involved – the payload may be delivered by email.”Some security experts have estimated the number of compromised computers hosting the malware at between 30,000 and 60,000. Also, the code may bundle a number of different modules.“The malicious code drops several different components and is composed of many different files,” Luis Corrons, technical director at PandaLabs, told SCMagazineUS.com. “One of the files has a list of URLs to be attacked hard-coded in it -- so the attackers are not dynamically configuring the attack.”Though many reports claim it is coming from North Korea, it's too soon to pinpoint exactly who is behind it. “It's not hard to mitigate a DDoS – it's expensive — though not hard to do,” said Howard. “But it is hard to attribute the attack to a specific origin.”And few clues yet exist to help make a determination, though forensic efforts are ongoing. “The malware itself does not give any clue as to who is doing this,” Corrons said.There are a number of theories, however, on where the email bearing the malicious payload physically originated.“There was a report that ground zero – the place where the emails were launched from -- is somewhere east of Seoul,” Howard said. “But that is purely speculative at this point.”See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.