RIAA Web Site Remains Offline

The web site of the Recording Industry Association of America remains offline in an outage now approaching five days in duration. The www.riaa.com web site was targeted for a distributed denial of service (DDoS) attack by the MyDoom.F virus. The current outage now exceeds the RIAA site's four-day outage in July 2002, which was attributed to a DDoS.

RIAA web site performance

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

Witty Worm Targets Black Ice, Disables Machines

A Slammer-like worm dubbed Witty is spreading, generating large amounts of network traffic and leaving ruined computers in its wake.

The worm, which appeared overnight Friday, exploits a weakness in the widely used Black Ice security products, and is not detected by antivirus software, as it resides in memory. When an infected system is rebooted, Witty deletes a randomly chosen section of the hard drive, rendering some machines unusable.

The Internet Storm Center raised its incident alert level to yellow, and advised that vulnerable systems be taken off the network. "Disconnect systems running BlackIce as soon as possible," said the advisory at the ISC, run by the SANS Institute. Symantec also advised that network admins disconnect machines running Black Ice.

BBC investigates DDoS extortion in the UK gambling industry

The UK's top 20 betting sites have suffered 33 separate outages since March 1, according to an analysis by the BBC which has been investigating Internet-based extortion in the gambling industry. Fifteen of the 20 bookies have been offline during that time. Four of the providers - William Hill, Betdaq, Totalbet and UKBetting - have said they were either attacked or received extortion demands by criminals prior to the March 15 start of the Cheltenham Festival, a leading horse racing event is experiencing its second extended outage in less than a week.

TotalBet is among the betting sites that acknowledge being targeted by distributed denial of service (DDoS) attacks in recent weeks, and was offline for nearly 36 hours on March 16-17.


A dynamically updating graph of the top 20 UK betting sites is available here.

Anecdotal reports suggest it is imperative that sites not pay off DDoS blackmail demands, as the capability to perform DDoS attacks is quite widespread and information on soft targets circulates rapidly within that community.

Internator 3: Rise of the Devices

When archrivals Microsoft and Sun make a joint announcement, something important is clearly afoot. The news that the two companies are part of a consortium that is applying to ICANN to create a new top level domain for mobile devices is a case in point.

At first sight, the story is about convergence: more computers are portable these days, and mobile phones now pack a considerable computing punch. Contemporary mobile phones such as the Sony P800 are more powerful than the machine that ran Netcraft's first Web Server Survey. But at another level, it is symptomatic of an even more profound change: a move from wired Internet connectivity centred on the users of a Net connection - companies or individuals - to a wireless Internet connectivity of objects, essentially independent of users.

RIAA Site, Targeted By Worms, Is Offline

The web site of the Recording Industry Association of America has been offline for more than a day, following several days of intermittent outages. The www.riaa.com web site was targeted for a DDoS attack by the MyDoom.F virus.

RIAA web site performance

The DDoS component of MyDoom.F also targets www.microsoft.com, which has experienced no significant problems. Antivirus vendors say MyDoom.F has been found on as many as 45,000 machines. A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

OpenSSL Patches Denial of Service Flaws

The OpenSSL Project has issued patches to fix flaws that could leave secure servers open to denial of service attacks. These vulnerabilities have been fixed in OpenSSL 0.9.6m and 0.9.7d, available from the project's web site.

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and is used in security products from numerous vendors. Cisco has already released an advisory for customers, while Oracle and Symantec say none of their OpenSSL-based products are affected. OpenSSL is also used in products from IBM, FreeBSD, Red Hat, SUSE and others. The advisory from the UK's National Infrastructure Security Co-ordination Centre (NISCC) includes an updated list of vendor responses.

Last summer the NISCC identified several similar vulnerabilities in OpenSSL. In December, Oracle issued a critical update to address security holes in its implementation of OpenSSL.