Feeds

DDoSers attack DoubleClick

And now for an ad break

  • alert
  • submit to reddit

Top three mobile application threats

Internet ads firm DoubleClick was the victim of a distributed denial of service attack yesterday.

A flood of malicious traffic from a network of zombie machines reduced DoubleClick's ability to serve ads over the Web, affecting many of its high-profile customers. Services have now been restored to normal. But at the height of the assault yesterday afternoon (UK time) the availability of Web pages featuring ads served by DoubleClick was severely reduced.

Website hit particularly hard included Nortel Networks, Gateway, CNN.com and Schwab.com and The Washington Post. Admins had to stop DoubleClick's ads from running on their sites in order to make the rest of their content accessible. DoubleClick's own website was also hit by the assault.

DoubleClick spokeswoman Jennifer Blum said the attack targeted the firm's domain name servers (DNS) causing "severe service disruptions" for all 900 customers, the The Washington Post reports. The attack ran from approximately 10:30 EDT to 14:00 EDT.

The Washington Post compares the assault on DoubleClick to a recent brownout of sites served by content distribution firm Akamai. Akamai blamed a software glitch for problems that rendered a variety of high-profile websites and services temporarily unavailable for approximately 90 minutes on 24 May. A better comparison for the attack against DoubleClick might be a DDoS assault against Internet payments firm WorldPay last November.

Many such attacks originate from a network of hosts compromised by viruses such as MyDoom and Phatbot. These turn infected machines into zombie drones under the control of virus writers or their accomplices. Owners of these zombie PCs are often ignorant of the involvement of their computers in attacks, which are growing more sophisticated.

A simple DDoS attack is relatively straightforward to block, but some tools allow hackers to launch 'mutating attacks' against targeted systems. By running through a spectrum of attacks it's possible to keep a site locked down for hours, or even days. ®

Related stories

Search drives US online ad sales
WorldPay fights 'massive, orchestrated' attack
WorldPay recovers from massive attack
Akamai software glitch provokes Web brownouts
Cybercops seize Russian extortion masterminds (suspects in DDoS attacks against online bookies)
Bagle copycat builds Zombie attack network
Phatbot arrest throws open trade in zombie PCs
Microsoft attack worm rides on the back of MyDoom

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.