Blog

targeting (2)

DDoS botnet family discovered targeting scores of sites

Posted by technology on August 28, 2010 at 12:53pm
A new family of bots is responsible for nearly 200 distributeddenial-of-service attacks targeting websites in China, the UnitedStates, South Korea and Germany, according to researchers at securityfirm Arbor Networks

The bot family, which has been dubbed "YoyoDDoS" after the hostname of one of its initial command-and-control (C&C)servers, was first detected in March. To date, Arbor Networks hasprocessed more than 70 variants from the family and identified at least34 C&C servers, all but three of which are located in China.

DDoS attacks use large numbers of compromised PCs to flood a targeted website withtraffic with the goal of knocking it offline. Out of the 180 YoyoDDoSattacks that have been identified, 126 of them targeted IP addresses inChina, while 32 targeted victims in the United States, nine in SouthKorea, and five in Germany.

Several different online merchants have been targeted, including sites selling auto parts and cosmetics,Edwards said. Several gaming and gambling sites also were attacked,along with a website-hosting provider, a music forum and a personalblog..

“It is not targeted at a specific industry,” said Edwards, a former FBI special agent assigned to the Detroit CybercrimeSquad. “Its more like a general tool, and if somebody wants to take asite down for a certain reason, a lot of time they use this YoyoDDos.”

The attacks typically last between a few hours to two days, he added.Several sites have been attacked continuously for 24 to 48 hours.

Researchers at Arbor Networks said they do not know how many computers have beeninfected with the bot malware, but they believe there are at least threeor four independent YoyoDDoS botnets being controlled by independentoperators.

If this is the case, the code to create the bot malware may be circulating in the cybercrminal underground, Edwards said.

The bot malware, which Edwards said is not especially sophisticated, couldmake its way onto a user's PC via malicious links or attachments inemails. After instillation, the bot connects to the C&C server andreports back details about the victim host, including the make, modeland speed of the processor and the operating system service pack level.Additionally, every time an infected computer is started, the malwaremakes contact with the C&C server.

The bot family uses four different types of DDoS attacks – HTTP, UDP, SYN and ICMP – all ofwhich flood a victim with different types of traffic, Edwards said. Ifan attack is launched with a certain type of traffic, and the victim hasa firewall or another security device that blocks it, another attackmode can be used.

“I do know that it is being actively used based on the number of attacks we are logging,” Edwards said. “We arestill logging attacks and finding [bot malware] specimens we haven'tseen.”

Read more…

Arik Airline: Was Suspect targeting five Americans, top politicians as facts come to light

Posted by Paul "EFCC" Hawk Adams on April 4, 2010 at 9:24pm
Attack on airline: Suspect targeted five Americans, top politicians Now claims he is INSANE !

Strong indications have emerged that the suspected terrorist who drove a car into Margret Ekpo International Airport's tarmac, Calabar, and hit the underbelly of a parked aircraft belonging to Arik Airline on Wednesday might have targeted the five Americans and top politicians on board the aircraft.
12166237069?profile=original

Investigations by SUNDAY PUNCH revealed that the suspect, Mr. Aniefiok Elijah Okon, from Akwa-Ibom State might have been on a sponsored suicide mission to either embarrass the airline or the country.

Apart from the five Americans, top politicians including the Chairman, Cross River State Forestry Commission and former governorship aspirant in the state, Mr. Odinga Odinga, were on board the plane.

It was gathered from the police that the manner in which the suspect carried out the aborted attack gave confirmation that he was handed down clear instructions and details of his target by his alleged sponsors.

The police in Calabar, Cross River State, disclosed to our correspondent that they were working on a theory that the suspect was engaged in a sponsored mission, adding that thorough investigation was ongoing to unmask the sponsors of the futile attempt.

The Police Public Relations Officer in the state, Mr. Etim Dickson, refused to speak on the matter, claiming he was on inspection tour of police formations in the state with the Commissioner of Police, Mr. Ahmed Ibrahim, when the incident occurred. A top police officer said investigation was in progress.

However, another police source who craved anonymity said that two Air Force officers who were on duty when the incident occurred had been recalled to their base for interrogation.

Referring to the incident as a security breach, he wondered why the security operatives could not stop the suspect before he got to the tarmac.

He said, "I can assure you that we are doing everything possible to get to the root of this matter. It is a serious security breach and all those involved in it must be fished out and punished. There were five Americans and top politicians on board that plane and we are working on the theory that the futile attack was targeted at them. It was a suicide mission."

The suspect, who is being interrogated at the Criminal Investigation Department of the police command, he added, had been feigning madness.

He said: "Because the attack was not successful, his behaviour at this preliminary stage of our interrogation was expected. We know he is just feigning madness. We know he is just acting a script. He will eventually tell us the truth. The earlier he tells us the truth, the better for him because we must get to the bottom of this matter.

"No madman could have done what he did. He drove a car crashing through two security gates and headed straight for a boarded aircraft. In the process, he even did a U-turn and squeezed the car underbelly and now he is claiming to be mad. We cannot be deceived."

He added that the management of the airline had premonition of the attack but did not expect it to occur in Calabar.

He said the airline confirmed it had received several threats of possible attack on its aircraft by unknown persons, but that it did not expect the attack to occur in Calabar.

But the Arik Media Officer, Mr. Banji Ola, who spoke to our correspondent on Friday, denied the claim.

He frowned on the insinuation saying, "how can we have premonition of such a dastardly act. It is not true."

On Wednesday, tragedy was averted when a lone occupant of Audi NA 234 KAM breached security at the airport by breaking two gates manned by officials of the Nigerian Air Force and gaining access to the tarmac.

Okon who had driven a distance of about 500m in the tarmac unchallenged, headed for the left wing of Boeing 5N-MJJ aircraft, but made a U-turn and buried the car underbelly.

Despite the impact, the suspect had remained in the car probably waiting for possible explosion until airport security operatives dragged him out of the scene.

But Okon who has been described as a Christian extremist, instead of showing remorse for his action, had rained abuses on everybody at the airport.

He had repeatedly said, "You are all sinners. All of you deserve to die because mankind is turning away from God. People in the world are turning away from God. Every human being is wicked and deserved to go to hell except you repent."

The impact of the car on the 95-passenger aircraft which was about taxing down to the runway for take-off had sent jitters into the spines of the passengers who immediately jostled down for safety.
Read more…

Latest Blog Posts

Most Popular Blog Posts

Blog Topics by Tags

  • in (506)
  • to (479)
  • of (339)
  • ! (213)
  • as (166)
  • is (157)
  • a (156)

Monthly Archives