Feeds

Network Associates weathers DoS attack

Crackers seek revenge for unravelling of BIND bug

  • alert
  • submit to reddit

High performance access to file storage

Security firm Network Associates was subject to a denial of service attack last night after crackers posted a Trojan horse on security mailing list, BugTraq.

An anonymous posting to the full-disclosure security mailing list, which has 85 000 readers, that appeared to be an exploit of recently discovered vulnerability in BIND name server program, was in fact cleverly disguised malicious code that attacked Network Associates' web site, Nai.com.

Anyone who compiled and ran the code, which security experts estimate might have been as many as 20 000 of BugTraq's readers, became unwitting participants in an attack against Nai.com.

Douglas Hurd, European business development manager for security products at Network Associates, said the attack affected the availability of Nai.com for 90 minutes.

"This was a denial of service type attack - with no penetration of our corporate network. Basically we got blasted with a lot of traffic - which was all noise," said Hurd, who said the effect would have been much worse if the firm did not already have both perimeter defences and intrusion detection software in place.

Unsurprisingly Hurd takes an extremely negative view of the posting of the Trojan, but he is not particularly harsh in his criticism of BugTraq.

"I accept there has to be openness in Internet communities like BugTraq but they have to be made more secure, so that they can't be used against firms. This isn't easy to do because you can't take a totalitarian approach to security."

Chris McNab, a network security analysts at MIS Corporate Defence, said that since BugTraq is a moderated security list the malicious posting, which he said contained fairly sophisticated code, should nonetheless have been detected earlier.

Network Associates issued a security advisory about the BIND vulnerability earlier this week, and McNab said the mode of attack used by the Trojan, sending packets to Network Associates DNS servers, suggests a possible revenge motive for the attack.

"Network Associates web site was intermittently up and down last night," said McNab, "NAI's Covert Labs discovered the BIND problem and this could be an attempt to kick NAI in the shins. This was quiet sophisticated coding and not the work of script kiddies, we're dealing with elite crackers here."

The posting of the malicious code to BugTraq was made from made from nobody@replay.com, an email address of an anonymous posting service. A hunt is on to discover who was responsible for the attack, by Network Associate's Hurd did not express any particular confidence that the attacker would be brought to book. ®

External links

Vulnerabilities in BIND 4 and 8

Related Stories

BIND holes mean big trouble on the Net
Microsoft crippled by S'Kiddies
Microsoft confirms Web site blackout
DNS trouble made Microsoft, Yahoo! unavailable

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.