Seoul - South Korean authorities issued a warning Wednesday against malicious computer software believed to have attacked about 8,000 personal computers and disabled government and private websites. An official of South Korea's Communications Commission said the so-called DDoS (Distributed Denial of Service) attacks generate massive malicious traffic from millions of infected computers to specific sites, making the targeted sites inaccessible.
South Korean cyberpolice are investigating the hacking incident that on Tuesday night disabled or slowed the websites of banks, government agencies and portals.
The websites of the Presidential Office, the National Assembly and Defence Ministry were simultaneously bombarded with access requests, apparently caused by malicious software, denying normal access to these sites, the Communications Commission said in a statement.
"We are tracking down an IP [internet protocol] that generates the harmful traffic," Hwang Chul Jung, an official of the commission, said Wednesday at a press briefing.
Given its targeted sites, the attack might have originated in North Korea, China or another country, web security experts said.
News of the attacks led shares of some cybersecurity firms like Ahnlab Inc to rise Wednesday.
Related July 8, 2009 : US government Web sites attacked (DDoS)


4 comments:
Geek alert time! You know if this is NK backed it would kind of make sense. Everyone knows that DoS attacks are nothing but bothersome and really don't do any damage except perhaps affect online sales and accessibility to a website for a short time.
However, remembering NK's 50 years behind in mentality, I think they believe with enough DoS attacks, they can tie servers up enough to crash a system either through overwork, or "getting through" and planting a virus.
This however isn't really possible as the "gateway" inside is on a different system than the actual system. And if they have a good System Administrator, the "sensitive" data won't even be on the same system, or even accessible through the same gateway.
In other words, I think NK is trying to crash systems, although right now just in testing, to see if they can "get through" and crash sensitive systems, thus trying to affect commerce and military communication.
The first, affecting commerce, is a terrorist act. The second, military communication, would be to blind our security allowing missiles to be fired untracked, or possibly attacks from their outdated subs, among other scenarios.
I would say that corporations and governments need to get used to this kind of attack, as the best way to attack any country is to weaken their defense systems. If communication within the military is broken, and tracking systems are down, this leaves a door wide open for physical attack.
Remember, one of the main ideas of war or attacks is to find the strength, weaken it, and then take advantage of it.
This also means that we, as regular internet users, need to be more aware of our computers. There is a new report out today saying that at 1300GMT, users' computers could be compromised to the point of data on private users' hard drives being destroyed.
Coincidentally, Microsoft issued a security bulletin several days ago about a DirectX vulnerability, which has actually been around for a LONG LONG time, and they have never fixed. Currently there is no patch for this fix; however, they do offer a "hot fix" to temporarily disable the vulnerability. If needed, I can look this back up and post it for you.
Also one other thing I have noticed in the past two weeks. Trojans are being sent via ads on sites. I have had to remove approximately 23 Trojans in the past two weeks, and I've never had such a mass of viruses attempted at the same time in the past. They are all nearly the same. They end up in your IE temp folder as an htm item, instruct to execute the trojan which is also in the ad, and then install. As I've said to quite a few people in the past few days, forget using free virus programs, they aren't catching it. So far only McAfee and Norton have detected the trojans. Keep your virus definitions up to date. And spending the $50 on McAfee or Norton is worth it.
All good information. Trojans via ads: I talked about that sometime back in a post titled - On the Flash Track. Might I suggest an ad blocker, I use NoScript.
I run free antivirus and find them just as reliable as a pay version. Guess it depends on which one you choose. I also have another defense against these exploits, hardware firewall where I make the rules. More people should run one as I find software firewalls suck. If it can't get to the user machine / network it can't do damage.
Actually Ed, there is a report from SK about how the virus works. There is a file called swf.gif that is involved in the DDoS attacks, and goes along with how I believe MyDoom is being distributed.
As for the freebies, I used AVG for one month. Hated it. Bit the bullet and bought another subscription to McAfee..... found more than I would have liked.
Doom is spread through social engineering and drive-bys like many viruses and trojans. The actual file can be anything including swf or gif. Once enough computers are infected the attacker forms a botnet, then proceeds through commands with the attack. DDoS is one of the easiest and most of the time harmless. It can be nasty if the author / controller wants it to be.
Here's some information from a site I frequent often. I think you'll enjoy it.
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20090710
Question: How do you get all these viruses and trojans? I only ask as the numbers you mention seem quite large. You sure you don't have a polymorphic on your box?