Security Information

Security Information  Week 6, 2000

During the first days of this week several high-profile web sites fell victim to what appear to be Denial of Service (DoS) attacks. Much-visited sites like Yahoo!, the famous Internet bookshop Amazon.com and CNN were among the victims, and some of them were unavailable for hours.

DoS attacks have a long history as one of the dangers of being connected to the Internet. In its simplest form such an attack occurs when a computer issues a lot of (special) commands to another computer, thus preventing the latter from carrying out its normal business. Traditionally, the way to protect against such attacks is to analyze the traffic and prevent an unusual amount of data from one source from reaching the targeted computer.

In recent months, however, a new kind of attack has been seen. This kind of attack, known as a "Distributed Denial of Service" (DDoS) attack, differs from the older type in one fundamental way: it comes from a lot of different sources, sometimes thousands of different computers. This makes it difficult to identify and protect against. It should be noted that even though a lot of different computers are involved, these are innocent, unaware victims of one or a few attackers.
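An added illustration (not part of the original bulletin) of why the traditional per-source filtering described above stops a single-source flood but lets a distributed one through. The thresholds, function names and addresses are assumptions constructed for the example.

```python
from collections import Counter

PER_SOURCE_LIMIT = 1000   # assumed: packets/sec tolerated from any one source
TARGET_CAPACITY = 50000   # assumed: packets/sec the target can actually serve

def analyze(window):
    """Apply a per-source limit to one second of (source_ip, packets) records."""
    per_source = Counter()
    for src, pkts in window:
        per_source[src] += pkts
    # Traditional defence: drop any source sending an unusual amount of data.
    blocked = {src for src, n in per_source.items() if n > PER_SOURCE_LIMIT}
    passed = sum(n for src, n in per_source.items() if src not in blocked)
    return {
        "sources": len(per_source),
        "blocked": blocked,
        "passed_pps": passed,
        "overloaded": passed > TARGET_CAPACITY,
    }

# Constructed sample traffic; all addresses are made up for the example.
def normal_clients():
    return [(f"198.51.100.{i}", 20) for i in range(200)]        # 4,000 pps total

def single_source_flood():
    return normal_clients() + [("203.0.113.7", 80000)]           # one loud source

def distributed_flood():
    # 2,000 unaware machines, each sending only 40 pps: 80,000 pps in total,
    # yet every individual source stays far below PER_SOURCE_LIMIT.
    agents = [(f"10.{i // 250}.{i % 250}.1", 40) for i in range(2000)]
    return normal_clients() + agents

if __name__ == "__main__":
    for name, window in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        r = analyze(window)
        print(f"{name}: {r['sources']} sources, {len(r['blocked'])} blocked, "
              f"{r['passed_pps']} pps reach target, overloaded={r['overloaded']}")
```

In the distributed case no source is blocked and the target is still overloaded, so a defender also needs to watch the aggregate rate rather than only per-source counts.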

Two of the most common tools used in such attacks are known as trin00 and Tribal Flood Network (tfn). Both are available for downloading from the Internet, which makes them a considerable danger to Internet sites that are crucial for an organization's Internet presence.

A comprehensive advisory about this kind of attack was published jointly by the CERT Coordination Center and the US Federal Computer Incident Response Capability (FedCIRC). It is available as CERT Advisory CA-2000-01 and is recommended reading for those interested in more information about this kind of attack. This document also has a link to an even more comprehensive analysis (in PDF format), which sums up the results of a workshop where security experts discussed this particular problem.

The advisory from Internet Security Systems' X-Force also provides good information about this kind of attack. This advisory covers in detail the various parts of the tools used.

Both these advisories are recommended reading.

Per Olav Førland