RIAA Site Offline Again on MyDoom.F Trigger Date

The Recording Industry Association of America (RIAA) web site is once again experiencing significant downtime. The timing of outages yesterday and today begs the question of whether the site continues to suffer the effects of the MyDoom.F virus, which programs machines to launch distributed denial of service attacks on www.riaa.com between the 17th and 22nd of each month.

The RIAA site was offline from March 17-24 due to the effects of MyDoom.F, which at its height was estimated to have infected as many as 45,000 machines, according to antivirus vendors.

RIAA web site peformance

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

Most Reliable Hosting Providers during April

Ranking by Failed Requests and Connection time,
April 1st - 30th 2004


During April, Jumpline, a hosting company which specialises in Virtual Private Server [VPS] solutions, was the most reliable of the hosting company sites we monitor. Second placed was Energis, the UK telco and high end hosting provider, and third was Komplex, the German hosting company which was top during March.

Notably, this month five of the top ten sites were running Linux. This is first time since the performance analysis of hosting company sites started that Linux has been the leading operating system for site reliability. Until now FreeBSD had without exception been the most common operating system amongst the top ten each month. However, this month, the top ten comprises five sites running Linux, three running FreeBSD and one each running OpenBSD and Windows, with Energis running Windows and Secure Dog running OpenBSD.

Continue reading

Windows Update Site Experiences Slowdowns

The Windows Update web site has been experiencing performance problems again today, with our monitoring showing lengthy response times and brief outages.

Windows Update site was slowed by heavy traffic last month following the release of four Microsoft security updates fixing critical holes in Windows software. Saturday's Sasser worm used one of those flaws, a buffer overflow in the LSASS Windows networking service, to compromise unpatched machines. It's not yet clear whether today's delays are due to increased patching by tardy network administrators, or some other cause. Microsoft said it addressed last month's performance problems by "adding resources to support Windows Update."

Windows Update site performance

Dynamically updating performance charts for Windows Update are available here.

Protracted Availability problems for Above.net

The Above.net web site is experiencing the latest in a series of outages, which began April 24 and have intensified since Tuesday, with the www.above.net site either exhibiting very slow response times or being unreachable. The duration of the performance problems is unusual for a network provider the size of Above.net (previously Metromedia Fiber Network). The company has not yet responded to an inquiry about its site performance.

AboveNet site performance

Our Hosting Provider Network Performance summary provides current information on the uptime for web sites of major hosting companies.

E-commerce Firm 2Checkout Reports DDoS Extortion Attack

E-commerce firm 2Checkout, which processes credit card payments for online merchants, says it has been hit with a distributed denial of service ((DDoS) attack after it rebuffed an extortion attempt. The 2Checkout site experienced rolling outages from the attack, which began on April 9 and was still ongoing as of April 16, according to a statement on the company's web site.

"2Checkout continues to fight an extortion based ('Pay us or else we will continue to attack') DDOS attack," the company said earlier this week. "We apologize for any service interruptions. Rest assured that our full staff in addition to some consultants are working relentlessly in conjunction with our providers to combat and minimize any effects of the attack."

Continue reading

Windows Update struggling to remain available

Microsoft's Windows Update web site has been experiencing slow response times in the wake of yesterday's release of critical security updates. A browser request through Internet Explorer eventually raises the site after an extended wait, and in some cases it is possible to successfully download and install updates over a broadband connection. Dynamically updating performance charts for Windows Update are available here.

The service is struggling for availability at a crucial moment of need for Windows users. Microsoft yesterday released four security updates, including three critical patches that Microsoft urged customers to install immediately. They include a patch for an SSL vulnerability that leaves Windows 2000 and NT4 SSL sites open to remote compromise. The current sluggish performance of Windows Update is a particular challenge for Windows users on dial-up Internet connections, as the Windows XP download is 3 megabytes.

"After the release of yesterday's security updates, the number of requests to Windows Update was double the usual volume," said a Microsoft spokesperson. "The slowdowns didn't last very long. We've added some system resources to support Windows Update, and are not seeing much trouble anymore."

This morning the DNS for windowsupdate.microsoft.com was being managed by Savvis Communications though its Digital Island content distribution network (CDN). CDNs help manage Internet traffic (including DDoS attacks) by using large, geographically distributed networks of servers to move files closer to the end user. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network. Today Savvis was using Windows Server 2003 to manage the Windows Update traffic. This evening the site is being served from a netblock assigned to Hotmail, Microsoft's e-mail service.