Botnet Targets CIA, Google, Others With Junk Data

Security experts aren't sure why the botnet is conducting a weak attack.

About 315 Web sites, including domains operated by the CIA, the FBI, Google, Microsoft, and Mozilla, are being deluged with junk data, enough in some cases to qualify as a denial of service attack.

The source is the Pushdo botnet, which has been operating since at least 2007. Pushdo bots distribute the Wigon rootkit and the Cutwail spam trojan most often.

In an online post on Friday, Shadowserver security researcher Steven Adair said that some 315 Web sites are being sent junk data via SSL connections.

"Technically they are being attacked, although knocking the sites offline doesn't seem to be the goal," he says. "The bots seem to start to initiate an SSL connection and [send] a bit of junk to the Web sites and then disconnect. They do not actually request any resources from the Web site or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long."

For Web sites set up to deal with lots of traffic, like chrome.google.com and ssl.bing.com, the data surge hasn't noticeably degraded site performance, though it may inflate bandwidth bills.

Other, less well-provisioned sites, however, may experience service slowdowns or stop responding completely if the traffic volume is sufficient.

Adair isn't certain as to the purpose of the attack, if it is one. The volume of traffic is too noticeable to reflect covert activity and not large enough to represent a serious denial of service threat, he says.

It's possible that the attack's goal is reconnaissance rather than denial of service.

SANS Internet Storm Center handler Steve Hall has asked admins of affected sites to capture some of the incoming packets and upload them via a SANS Web form for analysis.
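For admins reviewing captured traffic, the following sketch flags sources that repeatedly open a connection to port 443 and send bytes that do not begin a well-formed TLS ClientHello. It is an added example, not code from the article, Shadowserver, or SANS. The article does not describe the junk data's format, so the check only tests record-header validity; the sample data, function names, and threshold are assumptions.

```python
import struct
from collections import Counter

# Constructed sample: (source IP, first bytes the client sent on port 443),
# as might be extracted from a packet capture. Addresses are documentation ranges.
SAMPLE = [
    ("198.51.100.7", bytes.fromhex("16030100c8010000c40303") + b"\x00" * 16),
    ("203.0.113.9", bytes.fromhex("1603010002ffff")),  # handshake header, junk body
    ("203.0.113.9", b"\x16\x03\x01\x00\x02\x41\x42"),
    ("203.0.113.9", b"GARBAGE"),
    ("192.0.2.44", b"GET / HTTP/1.1\r\n"),  # plaintext HTTP sent to 443, once
]

def classify_first_bytes(data: bytes) -> str:
    """Return 'client_hello' or the reason the bytes fail to start a TLS session.

    Assumption: SSLv2-format hellos are not expected and are reported as invalid.
    """
    if len(data) < 6:
        return "too_short"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != 0x16:                  # 0x16 = handshake record
        return "not_handshake_record"
    if major != 3 or minor > 4:        # SSL 3.0 through TLS 1.3 record versions
        return "bad_version"
    if length == 0 or length > 2**14:  # plaintext record length limit
        return "bad_length"
    if data[5] != 0x01:                # 0x01 = ClientHello handshake type
        return "not_client_hello"
    return "client_hello"

def flag_sources(events, threshold=3):
    """Count malformed openings per source; return those at or above threshold."""
    bad = Counter(ip for ip, data in events
                  if classify_first_bytes(data) != "client_hello")
    return {ip: n for ip, n in bad.items() if n >= threshold}

if __name__ == "__main__":
    for ip, count in flag_sources(SAMPLE).items():
        print(f"{ip}: {count} malformed TLS openings")
```

A single malformed opening is common background noise, which is why the sketch counts repeats per source before flagging.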
