Security Blog
July 24, 2009
July 4th DDoS Attack Random Thoughts
Now that we've had some time to look back at the DDoS attacks on many of our government Web sites a couple of weeks ago, a few things are apparent:
1. Trojan.Win32.Agent.cper - This is a variant of the infamous MyDoom email worm. It was the worm that infected the 60,000+ PCs that were used in the attacks. MyDoom made its debut in 2004, that's right - more than years ago! Malware is malware: no matter how old, it is just as deadly. Protection against the WildList alone is simply not enough.
2. This is a new form of warfare - On today's internet, one can inflict massive damage on one's enemies by attacking critical network infrastructure. We are only going to see more of this in the future.
3. If this is warfare, the zombie PCs in the botnet were essentially troops - An astonishing 60,000+ PCs were part of the botnet used to (unknowingly) attack US and South Korean sites.
4. Cyberweapons - Using the same analogy, malware authors are literally cyber arms manufacturers and dealers. Malware has gone commercial and has its own underground ecosystem to support it. Malware is bought and sold just like goods in real life. The more effective the malware, the more it's worth.
5. Secure the endpoint, secure the network - The government probably spends a lot of (taxpayer) money to secure its network assets, but perhaps not enough emphasis has been put on securing the millions of PCs within the country. If the average computer user were better educated about computer security, bringing down the ratio of infected PCs, wouldn't the bad guys have a lot less to work with?
Posted by: Pete at 5:33 PM
Categories: General, Malware, Viruses


