
A new family of bots is responsible for nearly 200 distributed denial-of-service attacks targeting websites in China, the United States, South Korea and Germany, according to researchers at security firm Arbor Networks.

The bot family, which has been dubbed "YoyoDDoS" after the hostname of one of its initial command-and-control (C&C) servers, was first detected in March. To date, Arbor Networks has processed more than 70 variants from the family and identified at least 34 C&C servers, all but three of which are located in China.

DDoS attacks use large numbers of compromised PCs to flood a targeted website with traffic with the goal of knocking it offline. Out of the 180 YoyoDDoS attacks that have been identified, 126 of them targeted IP addresses in China, while 32 targeted victims in the United States, nine in South Korea, and five in Germany.

Several different online merchants have been targeted, including sites selling auto parts and cosmetics, Edwards said. Several gaming and gambling sites also were attacked, along with a website-hosting provider, a music forum and a personal blog.

“It is not targeted at a specific industry,” said Edwards, a former FBI special agent assigned to the Detroit Cybercrime Squad. “It's more like a general tool, and if somebody wants to take a site down for a certain reason, a lot of time they use this YoyoDDoS.”

The attacks typically last between a few hours and two days, he added. Several sites have been attacked continuously for 24 to 48 hours.

Researchers at Arbor Networks said they do not know how many computers have been infected with the bot malware, but they believe there are at least three or four independent YoyoDDoS botnets being controlled by independent operators.

If this is the case, the code to create the bot malware may be circulating in the cybercriminal underground, Edwards said.

The bot malware, which Edwards said is not especially sophisticated, could make its way onto a user's PC via malicious links or attachments in emails. After installation, the bot connects to the C&C server and reports back details about the victim host, including the make, model and speed of the processor and the operating system service pack level. Additionally, every time an infected computer is started, the malware makes contact with the C&C server.

The bot family uses four different types of DDoS attacks – HTTP, UDP, SYN and ICMP – all of which flood a victim with different types of traffic, Edwards said. If an attack is launched with a certain type of traffic, and the victim has a firewall or another security device that blocks it, another attack mode can be used.

“I do know that it is being actively used based on the number of attacks we are logging,” Edwards said. “We are still logging attacks and finding [bot malware] specimens we haven't seen.”


Saudi Arabia has conducted tests to stand down its air defences to enable Israeli jets to make a bombing raid on Iran’s nuclear facilities, The Times can reveal.

In the week that the UN Security Council imposed a new round of sanctions on Tehran, defence sources in the Gulf say that Riyadh has agreed to allow Israel to use a narrow corridor of its airspace in the north of the country to shorten the distance for a bombing run on Iran.

To ensure the Israeli bombers pass unmolested, Riyadh has carried out tests to make certain its own jets are not scrambled and missile defence systems not activated. Once the Israelis are through, the kingdom’s air defences will return to full alert.

Sources in Saudi Arabia say it is common knowledge within defence circles in the kingdom that an arrangement is in place if Israel decides to launch the raid. Despite the tension between the two governments, they share a mutual loathing of the regime in Tehran and a common fear of Iran’s nuclear ambitions. “We all know this. We will let them [the Israelis] through and see nothing,” said one.

The four main targets for any raid on Iran would be the uranium enrichment facilities at Natanz and Qom, the gas storage development at Isfahan and the heavy-water reactor at Arak. Secondary targets include the light-water reactor at Bushehr, which could produce weapons-grade plutonium when complete.

The targets lie as far as 1,400 miles (2,250km) from Israel, the outer limits of their bombers’ range, even with aerial refuelling. An open corridor across northern Saudi Arabia would significantly shorten the distance. An airstrike would involve multiple waves of bombers, possibly crossing Jordan, northern Saudi Arabia and Iraq. Aircraft attacking Bushehr, on the Gulf coast, could swing beneath Kuwait to strike from the southwest.

Passing over Iraq would require at least tacit agreement to the raid from Washington. So far, the Obama Administration has refused to give its approval as it pursues a diplomatic solution to curbing Iran’s nuclear ambitions. Military analysts say Israel has held back only because of this failure to secure consensus from America and Arab states. Military analysts doubt that an airstrike alone would be sufficient to knock out the key nuclear facilities, which are heavily fortified and deep underground or within mountains. However, if the latest sanctions prove ineffective the pressure from the Israelis on Washington to approve military action will intensify. Iran vowed to continue enriching uranium after the UN Security Council imposed its toughest sanctions yet in an effort to halt the Islamic Republic’s nuclear programme, which Tehran claims is intended for civil energy purposes only. President Ahmadinejad has described the UN resolution as “a used handkerchief, which should be thrown in the dustbin”.

Israeli officials refused to comment yesterday on details for a raid on Iran, which the Prime Minister, Binyamin Netanyahu, has refused to rule out. Questioned on the option of a Saudi flight path for Israeli bombers, Aharon Zeevi Farkash, who headed military intelligence until 2006 and has been involved in war games simulating a strike on Iran, said: “I know that Saudi Arabia is even more afraid than Israel of an Iranian nuclear capacity.”

In 2007 Israel was reported to have used Turkish air space to attack a suspected nuclear reactor being built by Iran’s main regional ally, Syria. Although Turkey publicly protested against the “violation” of its air space, it is thought to have turned a blind eye in what many saw as a dry run for a strike on Iran’s far more substantial — and better-defended — nuclear sites.

Israeli intelligence experts say that Egypt, Saudi Arabia and Jordan are at least as worried as themselves and the West about an Iranian nuclear arsenal. Israel has sent missile-class warships and at least one submarine capable of launching a nuclear warhead through the Suez Canal for deployment in the Red Sea within the past year, as both a warning to Iran and in anticipation of a possible strike. Israeli newspapers reported last year that high-ranking officials, including the former Prime Minister Ehud Olmert, have met their Saudi Arabian counterparts to discuss the Iranian issue. It was also reported that Meir Dagan, the head of Mossad, met Saudi intelligence officials last year to gain assurances that Riyadh would turn a blind eye to Israeli jets violating Saudi airspace during the bombing run. Both governments have denied the reports.

