big Yahoo! outage last week, and this is what they found.
Zombie PC army responsible for big name web blackout
Apple, Google, Microsoft and Yahoo! taken out by dirty RAT
The attack that blacked out Google, Yahoo! and other major websites earlier this week involved the use of a "bot net" - a large network of zombified home PCs - Internet infrastructure provider Akamai Technologies said.
The attack, which blocked nearly all access to Apple, Google, Microsoft and Yahoo!'s websites for two hours on Tuesday in the US, took aim at the key domain name system (DNS) servers run by Akamai. These servers translate human-readable domain names, such as www.microsoft.com, into the numerical IP addresses used by the internet. Using compromised home computers, the attackers sent a flood of data to the DNS servers, preventing them from providing that translation and effectively shutting surfers out of the four companies' pages, according to Akamai.
The deluge of data that hit the infrastructure provider was "so large that it [couldn't have] come from a couple of servers," said Tom Leighton, chief scientist and co-founder of Akamai. "Working with our network partners, we were able to identify a bot network that appeared to be operating and managed to shut it down, which resulted in stopping the attack."
Bot networks are collections of computers that have been compromised by software specifically designed to create a network of systems for attack. A bot - also known as a remote-access Trojan horse program, or RAT - seeks out and installs itself on vulnerable PCs. It then runs silently in the background, letting an attacker send commands to the system while its owner works on, oblivious. The computers are essentially turned into zombies, controllable from afar.
The latest versions of bot software enable attackers to control and steal information from compromised computers via chat servers and peer-to-peer networks. These PCs can then be commanded to infect or attack other computers. Security experts have identified bot networks as a critical threat to the internet.
A common use of a bot network is to order its compromised PCs to send seemingly legitimate network traffic to a single destination, resulting in a torrent of data that overloads the target servers. Such a distributed denial-of-service, or DDoS, attack can block access to a website for several hours or even days.
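The two paragraphs above describe the mechanism from the attacker's side: many zombies, each sending a modest amount of traffic, add up to a flood that a DNS server cannot absorb. From the operator's side the first question is whether a spike in the query log is one noisy client or a distributed flood, because the mitigations differ (per-client rate limits help with the former, not the latter). The script below is an added example, not code from the article or from Akamai: it parses a constructed query log in an assumed `<unix_ts> <client_ip> <qname> <qtype>` format, buckets queries into one-second windows, and flags windows over an assumed capacity threshold, classifying each as "distributed" or "single-source" by how many distinct clients contributed. The thresholds, log format and traffic (all from documentation IP ranges) are assumptions made for the demonstration.

```python
"""Spot a distributed query flood in an authoritative DNS server's query log.

Added example, not code from the article or from Akamai. Log format, thresholds
and IP ranges are assumptions; the traffic below is constructed for the demo.
Each log line is '<unix_ts> <client_ip> <qname> <qtype>'.
"""
from collections import Counter, defaultdict

RATE_THRESHOLD = 50          # assumed per-second query budget the server is sized for
MIN_DISTINCT_SOURCES = 20    # assumed: fewer sources than this looks like one abusive client


def parse_line(line):
    """Parse one log line into (ts, ip, qname, qtype); return None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, ip, qname, qtype = parts
    # Normalise the name the way a resolver would (case-insensitive, no trailing dot).
    return int(ts), ip, qname.lower().rstrip("."), qtype.upper()


def bucket_by_second(lines):
    """Group parsed queries into one-second windows: ts -> [(ip, qname, qtype), ...]."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue            # skip malformed lines instead of aborting the analysis
        ts, ip, qname, qtype = rec
        buckets[ts].append((ip, qname, qtype))
    return buckets


def detect_flood(lines, rate_threshold=RATE_THRESHOLD,
                 min_distinct_sources=MIN_DISTINCT_SOURCES):
    """Return one alert dict per second whose query count exceeds rate_threshold.

    The verdict separates a botnet-style flood (many sources, each contributing
    little) from a single noisy client, because the two call for different
    mitigations: per-client rate limiting helps with the latter but not the former.
    """
    alerts = []
    for ts, queries in sorted(bucket_by_second(lines).items()):
        total = len(queries)
        if total <= rate_threshold:
            continue
        sources = Counter(ip for ip, _, _ in queries)
        names = Counter(qname for _, qname, _ in queries)
        top_ip, top_count = sources.most_common(1)[0]
        distinct = len(sources)
        alerts.append({
            "ts": ts,
            "queries": total,
            "distinct_sources": distinct,
            "top_source": top_ip,
            "top_source_share": round(top_count / total, 3),
            "most_queried_name": names.most_common(1)[0][0],
            "verdict": "distributed" if distinct >= min_distinct_sources else "single-source",
        })
    return alerts


def build_sample_log():
    """Constructed traffic: steady background, a 200-zombie burst at t=1000,
    and a single-client burst at t=1001 (all addresses from documentation ranges)."""
    lines = []
    for t in range(995, 1003):
        for i in range(5):      # 5 queries/second from a handful of legitimate resolvers
            lines.append(f"{t} 203.0.113.{i + 1} www.example.com A")
    for i in range(200):        # 200 distinct compromised hosts, one query each
        lines.append(f"1000 198.51.100.{i + 1} WWW.Example.COM. A")
    for _ in range(120):        # one host hammering the server on its own
        lines.append("1001 192.0.2.9 www.example.com AAAA")
    lines.append("this line is not a query record")   # malformed, must be skipped
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

Running it prints two alerts: the second at t=1000 is "distributed" (205 queries from 205 distinct addresses, the top source contributing under 1%), while t=1001 is "single-source" (125 queries, 96% from one address). In practice the per-second budget would be derived from measured server capacity rather than the constant assumed here, and the distinct-source count is what tells an operator that blocking individual clients will not end the flood.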
While Tuesday's attack was aimed at bringing down the four major websites, Akamai's Leighton said his company was the true target.
"At the high level, it was clear that this attack was focused on a subset of our customers," he said. "We assumed they were attacked as a way to get at Akamai."
What remains unclear is how the DDoS attack could be so selective as to focus on the main Yahoo!, Google, Microsoft and Apple sites. Distributed attacks are typically blunt instruments rather than scalpels, as evidenced by the mass outages caused by this method in 2000. ...