A botnet of about 50,000 infected computers began attacking U.S. government Web sites on Saturday and is causing headaches for businesses in the U.S. and South Korea, the IDG News Service reports on computerworld.com. Security experts estimate the size of the botnet at somewhere between 30,000 and 60,000 computers.
According to security researchers studying the incident, several other Web sites have also been targeted, including banking Web sites in Korea, U.S. Bancorp, the U.S. Secret Service, the U.S. Department of Homeland Security, the U.S. Department of State, the White House, the U.S. Department of Defense, the New York Stock Exchange, the Nasdaq, the Washington Post and the U.S. Department of Transportation. However, most of the targeted sites appeared to be working normally on Tuesday.
Security experts consider the attack to be more of a nuisance than a threat to security. It uses a variety of well-known distributed denial-of-service (DDoS) attacks that try to overwhelm Web sites with useless requests and make them unavailable to legitimate users. In addition, the botnet code behind the attack does not use typical antivirus evasion techniques and does not appear to have been written by a professional malware writer, said Joe Stewart, a researcher with SecureWorks.
It is also unusual to see relatively low-profile government Web sites being hit. "It's embarrassing that these sites have been hit for four or five days and they're still being affected. Think of the money that eBay and Amazon would lose in four to five days of this," said one security expert, who spoke on condition of anonymity because he wasn't authorized to discuss the matter publicly.
The fact that the DDoS attack took down government computers is an embarrassment to the U.S., which is working to strengthen the country's cyber-security defenses under President Barack Obama.