Category Archives: Security Websies

Brobot botnet used to launch DDoS attack

DOSarrest Internet Security had a run in with the notorious Brobot Botnet, if the name sounds familiar it’s because this bot was responsible for sporadic outages on a number of large US based financial institutions in 2013. Said to be operated by al-Qassam Cyber Fighters (AKA QCF). Botnets are born, die, grow, shrink, and morph on a daily basis, if not hourly. It’s hard to keep track of them all. Then there are particularly nasty ones that are large, powerful and sophisticated. These particular botnets have some of their zombies or bots corralled off for research purposes by a number of organizations including private Botnet hunters, government cyber surveillance departments and other large law enforcement agencies. On to the attack Why ? One of our customers is a large media outlet specializing in Middle Eastern news. With all the conflict over there these days, they must have written a few stories that the attackers were not in agreement with. How ? Using Brobot, the attackers threw millions of TCP port 80 requests at the website. Unlike a SYN attack that tries to exhaust your TCP open sessions table buffers, this attack would open and close each session/request: 1)     Request a TCP connection 2)     Once established they would send one character 3)     Then request the TCP session to close. The problem arises when you are receiving approximately 50 million of these per second. Where ? This botnet is comprised of infected webservers using PHP, hosted on various webhosting companies around the globe. Some hosting companies seem to be represented a little more than others. One notable observation of the Brobot is that it’s very US centric, not all of the bots are based in the US but approximately 40%  are, which makes filtering based on countries very difficult. When under a large TCP port 80 attack, usually it is not evenly divided across our scrubbing nodes in the US and Europe. This was different, virtually all of our upstream links in every city had pretty much the same amount of Packets Per Second and Bandwidth. I can’t ever remember seeing that in the last 7 years All links had a graph like the one above Who cares ? Within a couple of hours of the attack starting we were contacted by a private Botnet hunter that knew we were dealing with Brobot. Soon followed by visits to our website from two US federal Law enforcement agencies. Hence the title, not all botnets are equal.

Visit link:
Brobot botnet used to launch DDoS attack

DDoS Attack Puts Code Spaces Out of Business

Days after Feedly and Evernote were briefly forced offline by hackers demanding a ransom payment, a code-hosting service was run out of business by a similar scheme. CodeSpaces.com closed its doors this week, following a security breach that began with a distributed denial-of-service (DDoS) attack, and ended 12 hours later after an attempt to extort money from the company. No stranger to DDoS attacks, Code Spaces thought it could handle the situation, but the situation quickly spiraled out of control. On Tuesday, an unauthorized person—not believed to be employed by the site—gained access to Code Spaces’s Amazon EC2 control panel. When the team fought back, the hacker deleted “most of our data, backups, machine configurations and offsite backups,” the company said. “Code Spaces will not be able to operate beyond this point,” an online notice said, citing the price of resolving the issue, as well as the expected cost of refunding paying customers. This week’s attack “will put Code Spaces in [an] irreversible position both financially and in terms of ongoing credibility.” “All that we have to say at this point is how sorry we are to both customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” the company said. Users can expect more details once Code Spaces sorts out its customers’ needs. Those who have stored data on the site can email support@codespaces.com with an account URL, and if you’re lucky, some remaining crumbs will be returned. For more, watch PCMag Live in the video below, which the Code Spaces dilemma. It’s been a banner month for DDoS attacks: Evernote suffered a blow last week, but was back on its feet within a few hours. Feedly wasn’t so lucky, however. The RSS service was hit twice in two days, though the company promised user data remained safe. Similarly, Ancestry.com just recovered today from a three-day bout of DDoS, in which the site was overloaded with traffic and crashed. No user information was compromised. Source: http://www.pcmag.com/article2/0,2817,2459765,00.asp

Read More:
DDoS Attack Puts Code Spaces Out of Business

Code hosting Code Spaces destroyed by extortion hack attack

Cloud code hosting service Code Spaces is forced to shut down, as a DDoS attack coupled with an unsuccessful extortion attempt was followed by the attacker deleting most of its code repositories and b…

View original post here:
Code hosting Code Spaces destroyed by extortion hack attack

Ancestry.com working to fully restore services following DDoS attack

The genealogy website Ancestry.com is working to fully restore its service after it was hit by a Distributed Denial of Service attack. Company spokeswoman Heather Erickson says it means ancestry.com was overwhelmed with bogus traffic Monday. “The attack was overloading our systems with massive amounts of traffic, but it did not access any data in servers,” Erickson said. The site, which has more than 2 million subscribers, was down for much of Tuesday and wasn’t fully operational Wednesday afternoon. Its Web team neutralized the DDoS attack and was working to fully restore services. “This has been a very frustrating and overwhelming experience, and our teams have been fantastic, working around the clock to make it neutralized,” Erickson said. Company officials are hoping to fully recover from the attack soon. Ancestry.com is posting updates on its Facebook and Twitter pages. Erickson said she doesn’t know where the attack came from. “These types of attacks aren’t unique to Ancestry. We know of many other companies that have been victim to these types of attacks. It’s unfortunate that any company has to go through something like this,” she said. The attack also impacted Ancestry.com’s sister site Find a Grave, though as of Wednesday afternoon it was back up, according to its Facebook page. Company officials said the sync and search feature in Family Tree Maker were still disabled until the site stability had been fully restored. They recommended people use the feature offline. Source: http://www.deseretnews.com/article/865605393/Ancestrycom-working-to-fully-restore-services-following-DDoS-attack.html

More:
Ancestry.com working to fully restore services following DDoS attack

Microsoft patches DoS flaw in its Malware Protection Engine

Microsoft has released an update for its Malware Protection Engine to fix a privately reported security vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine sc…

Follow this link:
Microsoft patches DoS flaw in its Malware Protection Engine

Entirely new trojan quietly wheeled into black hat forums

Pandemiya is 25,000 lines of original password-pinching botnet badassery An RSA researcher claims to have found an entirely new trojan during his trawls of the criminal underground.…

Follow this link:
Entirely new trojan quietly wheeled into black hat forums

Feedly suffers second round of DDoS attacks after perpetrator tried to extort money

Update 7.26am PST (June 12) After initially giving the all-clear for business to resume, Feedly has announced that it’s currently suffering a second round of DDoS attacks. The company says in a blog post: “We are currently being targeted by a second DDoS attack and are working with our service providers to mitigate the issue. As with yesterday’s attack, your data is safe. We apologize for the inconvenience and will update this blog post as more information is available or the situation changes.” Update 3:40PM PT: Feedly has posted on its blog that it has neutralized the DDoS attack as of 3:07PM PT. “You should now be able to access your feedly from both feedly.com, mobile apps and third party applications. Our ops team is closely monitoring the situation in case the attacks resume. It might take a few hours for some of the 40 million feeds we poll to be fully updated. We would like to re-iterate that none of your data was compromised by this attack.” Original post below: If you’ve been having issues accessing your RSS feed via Feedly today, well, there’s a good reason for that. Feedly has announced that it’s currently suffering a DDoS (distributed denial-of-service) attack, with the perpetrator(s) attempting to garner money from the company to make it stop. “We refused to give in and are working with our network providers to mitigate the attack as best as we can,” explains Edwin Khodabakchian, founder and CEO of Feedly. Feedly is assuring its users that their data remains safe, and access will be restored once the “attack is mitigated.” Other companies have been affected by a DDoS too, as Feedly alludes to when it says “we are working in parallel with other victims of the same group and with law enforcement.” Just yesterday, Evernote reported it had been subjected to a similar attack, though it was quickly restored. It’s not clear whether this is directly related to the current attack on Feedly. We’ll update here when we receive any updates. Source: http://thenextweb.com/insider/2014/06/11/feedly-suffers-ddos-attack-perpetrator-tries-extort-money/

More here:
Feedly suffers second round of DDoS attacks after perpetrator tried to extort money

World Cup websites struck down by DDoS attacks

Various websites associated to the World Cup have been struck by a distributed denial of service (DDoS) attack ahead of the tournament’s opening match on Thursday. The official government World Cup website has been down for more than a day, as well as the websites of some host states. Hacking collective Anonymous has claimed responsibility for the attacks. The hacker group has published a list of over 60 websites that have successfully taken down and are still offline at the time of writing, including as the Brazil website of recording giant Universal Music. Public figures that are perceived by the hackers as supportive of the government and the World Cup are also being targeted. Various performers such as Caetano Veloso, Mariana Aydar, and Filipe Catto have had the content of their websites replaced by anti-FIFA messages or taken down. Last month, the internal communications system of the Brazilian Ministry of External Relations was also hacked, with a possible leak of confidential information. Even though Anonymous has not claimed direct responsibility for the attack, it has released a YouTube video justifying it and citing general dissatisfaction with the World Cup. Back in February, the hackers said they were preparing for a string of cyberattacks to FIFA and sponsor websites during the World Cup, including DDoS attacks, as well as website defacement and data theft. The Anonymous group has vowed to continue the attacks and is posting regular updates on Twitter under the hashtags #OpHackingCup and #OpWorldCup. Source: http://www.zdnet.com/world-cup-websites-struck-down-by-ddos-attacks-7000030479/#ftag=RSSbaffb68

See the article here:
World Cup websites struck down by DDoS attacks

Feedly DDoSed by ransom-threat crims: ‘We refused to give in’

RSS bods stand up to cyber creeps News aggregator Feedly has been knocked offline by a distributed denial of service (DDoS) attack after refusing to pay criminals to stop the attack.…

More here:
Feedly DDoSed by ransom-threat crims: ‘We refused to give in’

DDoS attack takes Deezer offline

Streaming music service Deezer experienced several hours of downtime this weekend just gone, thanks, apparently, to one of those Distributed Denial Of Service attacks that were so fashionable a few years back. The source of the DDoS isn’t clear, but the streaming service says its servers were first targeted on Friday, with no real impact, but that a high level attack occurred on Saturday afternoon, taking the service offline on all platforms. DDoS attacks swamp a server with traffic so that it crashes under the weight. Deezer bosses say that while the DDoS was enough to force their service offline, no data was accessed by the attackers. The company’s IT experts identified the course of the problem and put in place measures to limit the impact of the DDoS, so that even though the server attack continued through Sunday, the service has been back online since just after midnight Saturday night. Deezer Founder Daniel Marhely said yesterday in a message to users: “As soon as we became aware of the issue we launched an investigation. We assigned ten staff members to the incident and worked to get the service back up, fuelled by a winning mix of adrenalin and pizza. The method of attack was quickly identified and actions were taken to minimise the impact on the service. We regularly adapted solutions to the changing methods of attack. New protective measures (filters to distinguish between normal incoming traffic and flooding traffic from the attack) were set up by our team, and the attacks finally stopped around 00.22 GMT”. Stressing that no user data had leaked during the attack, the Deezer man went on: “We apologise for any inconvenience. We’re continuing to investigate and are working hard on measures to counter this type of attack in the future. We have taken steps to strengthen our servers and security systems and will continue to do so. Thanks for your patience. We really appreciated your kind messages and encouraging tweets throughout the weekend”. Source: http://www.completemusicupdate.com/article/ddos-attack-takes-deezer-offline/

Original post:
DDoS attack takes Deezer offline