Korean and American websites victim to DDoS attacks
2009/07/08 15:12
Major government, media and corporate websites in both South Korea and the United States were brought down by a large-scale distributed denial of service (DDoS) attack.
In Korea, the attack targeted a wide range of sites:
After 6 p.m. on Tuesday, major Korean websites including Chosun.com, Cheong Wa Dae, the National Assembly, the Defense Ministry, Naver's e-mail and blog services, Auction, and Shinhan and Korea Exchange banks were impossible to connect to or became extremely slow.
In the US, the targets of the DDoS attack included the White House, State Department, Homeland Security and Defense, New York Stock Exchange and the Washington Post.
New York Times: Cyber Attacks Cripple Web Sites
The Korea Internet Security Center (KISC) raised their Internet Security Warning Level to Yellow/Substantial as shown on their homepage:
The KISC was established in December 2003 in response to the Slammer worm, while Korea's first Korean Computer Emergency Response Team was created in July 1996.
ComputerWorld has written a more technical overview of the extent of the DDoS attack:
On Saturday and Sunday the attack was consuming 20 to 40 gigabytes of bandwidth per second, about 10 times the rate of a typical DDoS attack, one security expert said after being briefed by the US-CERT on Tuesday. "It's the biggest I've seen," said the expert, who asked not to be identified because he was not authorized to discuss the matter. By Tuesday it was averaging about 1.2 gigabytes per second, he said.
Security experts estimate the size of the botnet at somewhere between 30,000 and 60,000 computers.
AhnLab has released their analysis of the DDoS attack and determined the code is a variant of the MyDoom virus:
The latest MyDoom variants seen by AhnLab also include a downloader that can bring other malicious code into the compromised PC, a feature also present in earlier versions of the malware. An additional file contains details of Web sites to be attacked.
It lists 13 South Korean Web sites and 23 U.S. sites, according to a Korean blogger who analyzed the source code. Most of the sites on the list are those reported to have been attacked or are still under attack.
In Korea, government agencies launched an investigation into the source of the attacks:
The Seoul Central District Prosecutors’ Office on Wednesday instructed the Cyber Terror Response Center (CTRC), a division of the Korean National Police Agency, to investigate the damages caused to 25 government Web sites from the Tuesday attacks.

