 |
 |
 |
|
 |
 
"Blaster" Internet WormThe U.S. Department of Homeland Security (DHS)
issued the following notice on its public home page
from Friday, August 15th, to Monday, August 18th, 2003, in regards to the high number of compromised
systems and the potential impact on the Internet infrastructure from a distributed Denial-of-Service
(dDoS) attack of this magnitude:
Homeland Security Provides Advice on Combating the "Blaster" Internet Worm
The National Cyber Security Division of the US Department of Homeland Security today issued an advisory concerning the Internet worm known as "MSBlast", "LovSan" or "Blaster" that has been infecting computers worldwide since late Monday afternoon. This worm was launched by an unknown person and infects many computers running popular Microsoft Windows operating systems, including Windows 2000 and Windows XP. The worm does not target systems running Windows 98 or Windows ME. This is a follow up to advisories published on July 24, July 30, and August 12. (More) Another DHS Advisory was also issued to highten awareness for potential Internet disruptions beginning August 16th, 2003 due to distributed Denial-of-Service attacks launched from the infected systems. Recipients of this advisory are encouraged by DHS to report information
Even though the original attack scheduled for August 16th forced Microsoft to give up the domain “windowsupdate.com” to avoid the Denial-of-Service attack, the MS-Blaster/LoveSan worm continues to spread; two new versions are now circulating to exploit the RPC-DCOM vulnerability, one of which installs a ‘back door’ to the infected systems, allowing to program each compromised computer to participate in a distributed Denial-of-Service attack against new targets. The two successful dDoS attacks on “microsoft.com” in the week prior to August 16th were unrelated to the RPC DCOM exploit, and are said to have originated from two different dDoS handler machine pools (source: Microsoft). Before Microsoft decided to give up the domain name “windowsupdate.com” on late Friday afternoon on August 15th, it enlisted the help of Akamai’s and Digital Islands’ large distributed server network in an effort to diffuse the looming attack. However, the dDoS attacks on the “Al Jazeera” English media website during the Iraq conflict demonstrated that throwing a lot of servers and bandwidth against a coordinated dDoS attack is not a successful solution; at the time, Akamai bowed out due to “political reasons”, as due to the nature of dDoS attacks even their ~12,000-server global network could not sustain attacks from a large pool of dDoS handler machines (source: CNN and Omnix, Doha/Qatar). As of Thursday, August 28th, PCs infected by variants of MS Blaster & SoBig.F have been linked to large-scale dDoS attacks on providers offering “Anti-SPAM Blacklists”, such as Osirusoft and SORBS.net - Osirusoft permantently shut their doors, causing wide-spread disruptions in e-mail deliveries, including the US Federal Trade Commission, which used Osirusoft to eliminate a lot of Spam messages (UCE). Melior, Inc. entered an agreement with SORBS, one of the remaining Blacklist providers, to provide iSecure dDoS-Defense systems in Brisbane/Australia and Connecticut/USA, in order to keep Anti-Spam Blacklist providers and the e-mail systems of their users (typically Government- and large commercial entities) online and operating normally (Press). |
|
© Copyright 1987 - 2006 Melior, Inc. - CyberWarfare Defense
Trade- and Servicemarks, Copyrights, and Patent-Pending Protection is effective in WTO countries.
v 07132013-2043 NetGroup GmbH Dortmund/MEZ