Feeds

Network Associates weathers DoS attack

Crackers seek revenge for unravelling of BIND bug

  • alert
  • submit to reddit

Top three mobile application threats

Security firm Network Associates was subject to a denial of service attack last night after crackers posted a Trojan horse on security mailing list, BugTraq.

An anonymous posting to the full-disclosure security mailing list, which has 85 000 readers, that appeared to be an exploit of recently discovered vulnerability in BIND name server program, was in fact cleverly disguised malicious code that attacked Network Associates' web site, Nai.com.

Anyone who compiled and ran the code, which security experts estimate might have been as many as 20 000 of BugTraq's readers, became unwitting participants in an attack against Nai.com.

Douglas Hurd, European business development manager for security products at Network Associates, said the attack affected the availability of Nai.com for 90 minutes.

"This was a denial of service type attack - with no penetration of our corporate network. Basically we got blasted with a lot of traffic - which was all noise," said Hurd, who said the effect would have been much worse if the firm did not already have both perimeter defences and intrusion detection software in place.

Unsurprisingly Hurd takes an extremely negative view of the posting of the Trojan, but he is not particularly harsh in his criticism of BugTraq.

"I accept there has to be openness in Internet communities like BugTraq but they have to be made more secure, so that they can't be used against firms. This isn't easy to do because you can't take a totalitarian approach to security."

Chris McNab, a network security analysts at MIS Corporate Defence, said that since BugTraq is a moderated security list the malicious posting, which he said contained fairly sophisticated code, should nonetheless have been detected earlier.

Network Associates issued a security advisory about the BIND vulnerability earlier this week, and McNab said the mode of attack used by the Trojan, sending packets to Network Associates DNS servers, suggests a possible revenge motive for the attack.

"Network Associates web site was intermittently up and down last night," said McNab, "NAI's Covert Labs discovered the BIND problem and this could be an attempt to kick NAI in the shins. This was quiet sophisticated coding and not the work of script kiddies, we're dealing with elite crackers here."

The posting of the malicious code to BugTraq was made from made from nobody@replay.com, an email address of an anonymous posting service. A hunt is on to discover who was responsible for the attack, by Network Associate's Hurd did not express any particular confidence that the attacker would be brought to book. ®

External links

Vulnerabilities in BIND 4 and 8

Related Stories

BIND holes mean big trouble on the Net
Microsoft crippled by S'Kiddies
Microsoft confirms Web site blackout
DNS trouble made Microsoft, Yahoo! unavailable

Build a business case: developing custom apps

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.