Sunday, August 12, 2007

When Zombies Attack

A couple of days ago, I blogged about a group of Russian criminals who are distributing a PHP-based malware creation kit called MPack, designed to enable criminal gangs to target Internet banking and shopping customers.

The "developers" of this kit recently boasted about creating a network consisting of tens of thousands of hijacked web servers, worldwide.

This weekend, days after my post went up, one of our sites became the target of an attempted DDOS (Distributed Denial Of Service) attack involving tens of thousands of IP addresses.

Coincidence? Maybe, maybe not.

The attack was not harmful. As a security company, we get this kind of stuff aimed at us all the time. Many security companies and commentators do: Microsoft, Symantec, VeriSign, CERT, Steve Gibson, Ben Edelman - the list is a long one, and these are just the guys willing to be open about it. In a 2006 USA Today article, it was claimed that Symantec alone found itself the target of an average of almost a thousand DDOS attacks a day during 2005:

"Security software giant Symantec saw an average 927 DDOS attacks per day in the first half of last year, up 679% from the last six months of 2004."

I imagine the guys at Symantec are pretty well-prepared for these events by now. The Authentium NOC guys, and our ISPs, were also well-prepared for the additional traffic that came our way today, and our systems responded to plan.

Note to Russian authorities: it may turn out that someone else was behind today's incident. That doesn't matter - you should do the Internet users of the world a favor, and arrest these MPack lowlifes: It is naive to imagine the well-funded criminal gangs buying their kits will continue to focus their attention exclusively on banking and commerce targets outside Russia.

Speaking of which... according to research done by VeriSign iDefense (and published on a blog maintained by our partners, IronKey), the MPack Internet banking "crimeware" kit is being used by more than 50 criminal groups - and associated malware has been unintentionally downloaded and installed by an estimated 500,000 PC users worldwide.

Bankers, beware. Readers, if you want to view my previous post on this, click here.
