A botnet comprised of about 50,000 infected computers has knocked out the websites of several government agencies, and caused headaches for businesses in the US and South Korea.
The attack started Saturday, and security experts have credited it with knocking the US Federal Trade Commission's (FTC's) website offline for parts of Monday and Tuesday. Several other government websites have also been targeted, including the US Department of Transportation (DOT).
"The DOT has been experiencing network incidents since this past weekend. We are working with the US Computer Emergency Readiness Team [US-CERT] at this time," a DOT spokeswoman said on Tuesday.
A spokeswoman for the US Department of the Treasury confirmed that the Treasury's website had been hit with a denial-of-service attack. "We're working with our service provider to mitigate the impact," she said.
A spokeswoman for the FTC could not say what caused the outage at that agency's Web site, and the US-CERT did not return calls seeking comment.
Other targets have included banking websites in Korea, US Bancorp, the US Secret Service, the US Department of Homeland Security, the US Department of State, the White House, the US Department of Defense, the New York Stock Exchange, the Nasdaq and the Washington Post, according to security researchers studying the incident.
The attack, while powerful, is not particularly sophisticated and appears to be more of a nuisance than a threat to security. It uses a variety of well-known distributed denial of service (DDoS) attacks that try to overwhelm Web sites with useless requests and make them unavailable for legitimate users, security experts say. Most of the targeted sites appeared to be working normally on Tuesday.
Such DDoS attacks are relatively common, but a few things make this week's incident unusual. The botnet code behind the attack does not use typical antivirus evasion techniques and does not appear to have been written by a professional malware writer, according to Joe Stewart, a researcher with SecureWorks who has looked at the code.
Consuming 20 to 40 gigabytes of bandwidth per second
On Saturday and Sunday the attack was consuming 20 to 40 gigabytes of bandwidth per second, about 10 times the rate of a typical DDoS attack, one security expert said after being briefed by the US-CERT on Tuesday. "It's the biggest I've seen," said the expert, who asked not to be identified because he was not authorized to discuss the matter. By Tuesday it was averaging about 1.2 gibabytes per second, he said.
Security experts estimate the size of the botnet at somewhere between 30,000 and 60,000 computers.