The Domain Name System acts as an address book for the
internet.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have
challenged internet users as to whether they unwittingly played a
part in last night's major attack against key root servers which
form the backbone of the internet.
Sophos experts suggest that users' computers are likely to have
been taken over by hackers to create zombie networks or 'botnets',
in order to bombard the internet's Domain Name System (DNS) servers
with traffic. They note that while the computer owners may have
been unaware that their PCs were compromised, had the attack been
successful then all website access and email delivery would have
been suspended globally.
"These zombie computers could have brought the web to its knees,
and while the resilience of the root servers should be commended,
more needs to be done to tackle the root of the problem - the lax
attitude of some users towards IT security," said Graham Cluley, senior
technology consultant at Sophos. "Society is almost totally reliant
on the internet for day-to-day communication - it's ironic that the
people who depend on the web may have been the ones whose computers
were secretly trying to bring it down."
Root servers, which manage the internet's Domain Name System,
help to convert website names such as amazon.com to their numeric
IP address - essentially acting as an address book for the
internet. UltraDNS, which manages traffic for websites ending with
the suffixes .org and .info, confirmed that it had witnessed an
unusual increase in traffic. In all, three of the 13 servers at the
top of the DNS hierarchy are said to have felt the impact of the
attack, although none are thought to have stopped working
entirely.
"If the DNS servers were to fall over then pandemonium would
ensue, emphasising the importance of properly defending all PCs
from being taken over by hackers," continued Cluley. "A
denial-of-service attack like this swamps web-connected servers
with traffic from many computers around the globe. It's a bit like
twenty hippos trying to get through a revolving door at the same
time - there's no route through and everything clogs up.
Fortunately the system is designed to be extremely resilient to
these kinds of attacks, and the average man in the street won't have
noticed any impact."
Some reports have suggested that much of the attack traffic may
have come from computers based in South Korea. However, the
motivation for the attack remains unclear.
"The hackers responsible for this attack may have been doing it
through mindless malice rather than have had financial reward in
mind," continued Cluley. "Whatever the motives of the people
responsible for this assault, everyone needs to properly defend
their PC from being taken over by hackers and used for criminal
purposes."
According to reports, last night's incident was the most
significant attack against the DNS backbone since October 2002.
Zombie computers - are your PCs under someone else's
control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the company's reputation, but
can also cause the business's email to be blocked by others.
Sophos ZombieAlert™
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos recommends that computer users ensure their anti-virus
software is up-to-date, and that companies protect themselves with
a consolidated solution which can defend
them from the threats of spam, spyware and viruses.