
06:01 PM

Botnet Targets CIA, Google, Others With Junk Data

Security experts aren't sure why the botnet is conducting a weak attack.

About 315 Web sites, including domains operated by the CIA, the FBI, Google, Microsoft, and Mozilla, are being deluged with junk data, enough in some cases to qualify as a denial of service attack.

The source is the Pushdo botnet, which has been operating since at least 2007. Pushdo bots distribute the Wigon rootkit and the Cutwail spam trojan most often.

In an online post on Friday, Shadowserver security researcher Steven Adair said that some 315 Web sites are being sent junk data via SSL connections.

"Technically they are being attacked, although knocking the sites offline doesn't seem to be the goal," he says. "The bots seem to start to initiate an SSL connection and [send] a bit of junk to the Web sites and then disconnect. They do not actually request any resources from the Web site or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long."

For Web sites set up to deal with lots of traffic, like chrome.google.com and ssl.bing.com, the data surge hasn't noticeably degraded site performance, though it may inflate bandwidth bills.

Other, less well-provisioned sites, however, may experience service slowdowns or stop responding completely if the traffic volume is sufficient.

Adair isn't certain as to the purpose of the attack, if it is one. The volume of traffic is too noticeable to reflect covert activity and not large enough to represent a serious denial of service threat, he says.

It's possible that the attack's goal is reconnaissance rather than denial of service.

SANS Internet Storm Center handler Steve Hall has asked admins of affected sites to capture some of the incoming packets and upload them via a SANS Web form for analysis.
