Zombies wreaking havoc

Yes, it sounds like the title of a bad movie, but companies are losing a lot of money over this kind of activity. DDoS (Distributed Denial of Service) is a type of attack involving a clear attempt to prevent legitimate users of a network service from using that service. The most common method is to flood a network with useless traffic, overloading the network's capacity.

Over the last few years, many companies have suffered at the hands of DDoS attacks. The problem is that companies do not generally see these attacks coming and can do little to retaliate once an attack is underway. The motive behind attacks is usually extortion: give us the money and the attack will stop. The zombies are computers used to carry out the attacks, their security having already been compromised in separate attacks by organised attackers.

The DDoS victims are usually those that rely on Internet 'up time' for their revenue. Online payments processing firm Protx recently came under a sustained DDoS attack which severely impacted its services.

A large number of compromised machines with a wide range of spoofed IP addresses attacked their site in an organised manner, and they responded by working with their ISP on remedial action, including analysing and stopping the traffic generated by zombie machines. Whilst others have given in to the criminals' demands and paid them off, this shows that some companies are prepared to spend money fighting back, increasing capacity to handle large-scale attacks.
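The traffic pattern described above, a flood arriving from many different (often spoofed) source addresses at once, is what separates a DDoS from a single noisy client. The following detector is an added example, not code from the article or from Protx or its ISP: it counts packets and distinct sources per destination in one-second windows over a constructed flow log, and the log format and thresholds are assumptions.

```python
# Added example (not part of the original article). Detects the pattern the
# text describes: a flood of packets hitting one destination from many
# distinct source addresses in the same second. Flow-record format and
# thresholds are assumptions chosen for illustration.
from collections import defaultdict

# Constructed flow records, one per line: "<second> <src> <dst> <packets>".
def build_sample_flows():
    lines = [
        "0 10.0.0.5 203.0.113.10 12",    # ordinary client traffic
        "0 10.0.0.6 203.0.113.10 9",
        "1 10.0.0.5 203.0.113.10 11",
        "2 10.0.0.7 203.0.113.10 3000",  # one heavy client: loud, but not distributed
    ]
    # Second 3: 200 different (possibly spoofed) sources, 25 packets each.
    for i in range(200):
        lines.append(f"3 192.0.2.{i + 1} 203.0.113.10 25")
    return "\n".join(lines)

def parse_flows(text):
    """Parse the constructed log into (second, src, dst, packets) tuples."""
    records = []
    for line in text.strip().splitlines():
        sec, src, dst, pkts = line.split()
        records.append((int(sec), src, dst, int(pkts)))
    return records

def detect_floods(records, pkt_threshold=1000, src_threshold=50):
    """Return (second, dst, packets, distinct_sources) for every one-second
    window in which a destination receives more than pkt_threshold packets
    from more than src_threshold distinct sources. Requiring both conditions
    keeps a single bulk client (second 2 above) from raising an alert, while
    the many-source flood in second 3 is flagged even though each individual
    source sends little. Because sources may be spoofed, the useful output is
    the destination under attack, which is what an ISP would rate-limit or
    filter upstream, not a list of addresses to block one by one."""
    window = defaultdict(lambda: [0, set()])
    for sec, src, dst, pkts in records:
        entry = window[(sec, dst)]
        entry[0] += pkts
        entry[1].add(src)
    alerts = []
    for (sec, dst), (total, sources) in sorted(window.items()):
        if total > pkt_threshold and len(sources) > src_threshold:
            alerts.append((sec, dst, total, len(sources)))
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(parse_flows(build_sample_flows())):
        print("flood: second=%d dst=%s packets=%d sources=%d" % alert)
```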

Other companies that have come under attack include WorldPay and DoubleClick, as well as numerous online bookies.

2004 has seen a massive increase in zombie PCs, also known as bots. Botnets are networks of computers infected by worms or Trojans, stealthily taken over by hackers and used to send spam, distribute more viruses, or launch denial of service attacks. By using compromised machines (instead of open mail relays, as in the old days) spammers are able to bypass IP address blacklists.

Home users and companies could do a great deal to help defeat zombies by keeping AV up to date, patching their systems and using anti-spyware and anti-Trojan software. Software developers could do a great job by testing the code that they write for security problems before releasing hundreds of patches and 'service packs', but perhaps I mentioned that already.

Alan Phillips, 7Safe Information Security
November 2004