Your browser does not seem to support CSS. If images appear below, please disregard them.
Topic Options
Rate This Topic
#38522 - 04/10/04 01:55 PM Netsky attacks: Four sites down, one to go
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
Four out of the five Web sites targeted by a Netsky worm DDoS attack have either been knocked over, or had to change their Web address to remain accessible


File-sharing network eDonkey's main Web site has been knocked offline following an attack from Netsky, but Kazaa has survived -- so far


Earlier this week, file-sharing Web sites Kazaa and eDonkey and three other Web sites were bracing themselves for a distributed denial of service (DDoS) attack launched by variants of the Netsky worm. Netsky.Q, which first appeared on 29 March, is designed to attack certain Web sites that distribute either file-sharing clients or hacking and cracking tools. Kazaa and eDonkey are its best-known targets and the attack is scheduled to last for at least six days.


However, because the worm only attacks the main http://www.edonkey2000.com address, it is still accessible by visiting http://edonkey2000.com. Another target, http://www.emule-project.net, has also experienced severe disruption and in preparation has mirrored its site to http://www.emule-project.org. At the time of writing, both http://www.cracks.st and http://www.cracks.am were unavailable. Kazaa's Web site seems to be the only one of Netsky's targets to have survived the first day of the attack unscathed.


Mikko Hyppönen, director of antivirus research at F-Secure, said that even though the eDonkey and emule-project sites are online, because they are not accessible through their main Web address, most people will not be able to find them: "Most people that have bookmarked eDonkey and emule-project, or if they search for them on Google, will be directed to the "www" site, which fails. If you surf to a Web site and it fails, how many times do you try it again without the www?" he said.


Hyppönen said Netsky's authors seemed to have learnt a lesson from the mistakes made by the author of the Blaster worm, which last summer launched a massive DDoS attack on Microsoft's Windows Update Web site. However, unlike Netsky, Blaster attacked the lesser-used Web address: "Blaster was stupid -- it attacked the Web site that most people would not use. It only attacked http://windowsupdate.com, not http://www.windowsupdate.com. Netsky is attacking the address that most people would surf to," he said.

ZDNet


Good artists copy, great artists
steal.

-Picasso
Top
Sponsored Links
#38523 - 04/12/04 10:18 PM Re: Netsky attacks: Four sites down, one to go
Joined: Apr 2004
Posts: 298
Phatal Offline
UGN News Staff
Phatal Offline
UGN News Staff

Joined: Apr 2004
Posts: 298
Houston, TX
Earlier I posted an article about how these worms are the result of russian mafia extortion schemes. Why would russian mafia want to hit distribution sites? Sounds like we have another player. I'm sure the Russian Mafia has no problem with distribution systems... but who would? Think about it...

All you gotta do is figure out how to use the zombies and they'll do whatever you tell them to... you don't have to be their creator.

Top

Member Spotlight
Crime

Crime
SC, usa
Posts: 506
Joined: March 2002
Show All Member Profiles 
Sponsored Links
Forum Statistics
Forums46
Topics46,436
Posts81,606
Members2,157
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,600
Gremelin 7,195
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860