Feeds

Network Associates weathers DoS attack

Crackers seek revenge for unravelling of BIND bug

  • alert
  • submit to reddit

New hybrid storage solutions

Security firm Network Associates was subject to a denial of service attack last night after crackers posted a Trojan horse on security mailing list, BugTraq.

An anonymous posting to the full-disclosure security mailing list, which has 85 000 readers, that appeared to be an exploit of recently discovered vulnerability in BIND name server program, was in fact cleverly disguised malicious code that attacked Network Associates' web site, Nai.com.

Anyone who compiled and ran the code, which security experts estimate might have been as many as 20 000 of BugTraq's readers, became unwitting participants in an attack against Nai.com.

Douglas Hurd, European business development manager for security products at Network Associates, said the attack affected the availability of Nai.com for 90 minutes.

"This was a denial of service type attack - with no penetration of our corporate network. Basically we got blasted with a lot of traffic - which was all noise," said Hurd, who said the effect would have been much worse if the firm did not already have both perimeter defences and intrusion detection software in place.

Unsurprisingly Hurd takes an extremely negative view of the posting of the Trojan, but he is not particularly harsh in his criticism of BugTraq.

"I accept there has to be openness in Internet communities like BugTraq but they have to be made more secure, so that they can't be used against firms. This isn't easy to do because you can't take a totalitarian approach to security."

Chris McNab, a network security analysts at MIS Corporate Defence, said that since BugTraq is a moderated security list the malicious posting, which he said contained fairly sophisticated code, should nonetheless have been detected earlier.

Network Associates issued a security advisory about the BIND vulnerability earlier this week, and McNab said the mode of attack used by the Trojan, sending packets to Network Associates DNS servers, suggests a possible revenge motive for the attack.

"Network Associates web site was intermittently up and down last night," said McNab, "NAI's Covert Labs discovered the BIND problem and this could be an attempt to kick NAI in the shins. This was quiet sophisticated coding and not the work of script kiddies, we're dealing with elite crackers here."

The posting of the malicious code to BugTraq was made from made from nobody@replay.com, an email address of an anonymous posting service. A hunt is on to discover who was responsible for the attack, by Network Associate's Hurd did not express any particular confidence that the attacker would be brought to book. ®

External links

Vulnerabilities in BIND 4 and 8

Related Stories

BIND holes mean big trouble on the Net
Microsoft crippled by S'Kiddies
Microsoft confirms Web site blackout
DNS trouble made Microsoft, Yahoo! unavailable

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.