Will Garside and Matthew Burgess
The attack was made via a Trojan horse that was posted to security industry mailing list BugTraq.
The malicious code was disguised as an example of how to exploit BIND vulnerabilities. Anyone running the code inadvertently launched a denial of service attack on Network Associates' Web site.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
NAI spokesman Doug Hurd commented: "We did have a lot of traffic pushed to our gateway last night, which we believe was a load-based DOS [denial of service] attack. This was detected by our systems and through contact with our ISP we stopped the bulk of the attack. Our network was never penetrated and during the attack we managed to gather information regarding the identities of those involved."
"We have no proof that the attack originated from the posting of the BugTraq list," continued Hurd, "although we cannot rule this out. BugTraq is a valuable service and we will continue to support it."
Neil Barratt, technical director of Information Risk Management said:
"We have been waiting for the first person to exploit the BIND vulnerability so this is not a surprise. When this exploit was posted, we grabbed it and played with it - more people should have treated it with kid gloves and this is the result of these lapses. DOS is not difficult to do and this won't be the last DOS attack against a high profile target."
Gunter Ollman, principal consultant of Internet Security Systems speculates that NAI could already be tracking the culprit down:
"The Trojan was written in assembly code and the style that the code has been written in can often determine where it came from."