
New modes of attack are making it cheaper to hire a
botnet to deliver a distributed denial of service (DDoS)
attack, says Darren Rennick, CEO of Prolexic.
Prolexic specialises in mitigating DDoS attacks, monitoring web
traffic and compiling a "weather report" on DDoS attacks. Rennick
says the new approach is to use botnets, each with tens of
thousands of computers, to send tiny amounts of data to a
target site.
"Each message is too small for protective software to suspect or
detect, but the aggregate effect is to block or damage the
website," he said.
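The detection gap described above, as an added illustration that is not from Prolexic or the original article: a per-source rate limit sees nothing when every sender stays small, while a check on the aggregate per time window does. The thresholds, baselines and traffic below are constructed assumptions.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 20     # assumed: max requests one source may send per window
BASELINE_REQUESTS = 1000  # assumed: normal total requests per window
BASELINE_SOURCES = 200    # assumed: normal distinct sources per window
SPIKE_FACTOR = 5          # assumed: alert when both baselines are exceeded 5x


def per_source_alerts(events, limit=PER_SOURCE_LIMIT):
    """Classic check: flag any (window, source) pair that exceeds the limit."""
    counts = Counter(events)
    return sorted(key for key, n in counts.items() if n > limit)


def aggregate_alerts(events, factor=SPIKE_FACTOR):
    """Aggregate check: flag windows where total requests AND distinct
    sources both exceed their baseline by the given factor."""
    totals = Counter()
    sources = defaultdict(set)
    for window, src in events:
        totals[window] += 1
        sources[window].add(src)
    alerts = []
    for window in sorted(totals):
        n_req, n_src = totals[window], len(sources[window])
        if n_req > factor * BASELINE_REQUESTS and n_src > factor * BASELINE_SOURCES:
            alerts.append((window, n_req, n_src))
    return alerts


def constructed_traffic():
    """Constructed sample: list of (window, source) request events."""
    events = []
    # Window 0: normal load, 200 clients sending 5 requests each.
    for i in range(200):
        events += [(0, f"client-{i}")] * 5
    # Window 1: 30,000 sources sending only 2 requests each.
    for i in range(30000):
        events += [(1, f"src-{i}")] * 2
    return events


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("per-source alerts:", per_source_alerts(traffic))
    print("aggregate alerts: ", aggregate_alerts(traffic))
```
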
Rennick said another new trend is to use the browser to deliver a
simple JavaScript malware program to a target computer that visits
an infected website. Rennick believes this so-called browser
malware is meant to get around the safeguards in Microsoft Vista,
which protect against heap and buffer overflows, the traditional
methods of attack.
"If an attacker inserts their malware into modestly busy
websites of say 100,000 visitors a day, each visitor could receive
the malware, and a DDoS attack with millions of connections could
be launched very easily," he said.
"What is worse is that JavaScript is operating system-agnostic,
meaning all computers are potential targets. That is why we
recommend people disable JavaScript and probably Flash," said
Prolexic's CTO Paul Sop.
Censorship and industrial sabotage are replacing extortion as
the main aim of distributed denial of service (DDoS) attacks,
Rennick added.
He cited Estonia, which in May was hit by massive attacks, some
lasting 10 hours or longer and blocking scores of megabytes of
bandwidth. Russia was widely suspected of being behind the attacks,
but has denied involvement.
Another was the recent attack against the Daily Telegraph, which
tends to take a right-wing stance on political issues.
While these attacks might be politically motivated, industrial
sabotage is becoming more common, Rennick said. Last year, online
gambling sites sometimes faced blackmail demands from DDoS
managers, but online retailers now face attacks from competitors,
the aim being to shut down or damage the reputation of the
competitor's website.