Press Releases

Browse our press release archive

02 May 2006

Vietnamese denial of service hacking suspect arrested

DDoS attack made auction website inaccessible

The Vietco website was hit by a denial of service attack
The Vietco website was hit by a denial of service attack.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, are welcoming news that a man has been arrested in Vietnam for launching a distributed denial-of-service (DDoS) attack against a commercial website. The attack on Vietco's website caused huge losses to the company, which was forced to draft in 40 emergency technicians and left computer users unable to access the site.

Nguyen Thanh Cong is suspected of beginning an attack on the Vietnamese e-commerce site, www.vietco.com, in March 2006. The website, which has 67,000 regular members, auctions cell phones and other consumer electronics products. It operates in a similar way to eBay, which launches in Vietnam later this year.

Cong faces charges for creating a Trojan horse that exploited a flaw in Microsoft's Internet Explorer. The Trojan horse, which is said to have been planted on a pornographic website, turned unpatched computers into zombie PCs which were then ordered to repeatedly hit the Vietco site - overwhelming its servers.

Cong first gained notoriety as a member of the "Be yeu" (lovely baby) hacker group and was nicknamed "DantruongX". Police are also investigating suspected links between Cong and a gang forging ATM cards.

"The malicious attack on Vietco's website caused serious financial damage to the company and major inconvenience to innocent computer users. This arrest will come as a relief to law abiding web users and acts as a strong warning to other would be hackers," said Graham Cluley, senior technology consultant at Sophos. "The Vietnamese police should be commended for taking action, but authorities must also educate the general public about safe computing to better combat the increasing sophistication of internet hackers."

Cong's arrest comes hot on the heels of the first virus writer convictions in Vietnam. Last month, two brothers were found guilty of distributing the 'Gai Xinh' (Pretty Girl) virus, which infected more than 20,000 computers. The pair received fines of 630 US dollars.

Elsewhere in the world, a Spanish hacker was sentenced to two years in jail for a DDoS attack which affected three million internet users.

"Hackers typically use DDoS techniques as a way to blackmail websites, as we saw with the recent headline grabbing Millionaire Dollar Homepage attack," said Cluley. "Whatever the motivation, these are serious crimes and the perpetrators must be punished accordingly."

Sophos continues to recommend that companies protect their email with a consolidated solution to thwart the virus, spyware and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.