FortGuard's Blog - Articles

New style of DNS amplification can yield powerful DDoS attacks

a@b.com (fortguard) — Thu, 05 Feb 2009 17:32:26 +0800

New style of DNS amplification can yield powerful DDoS attacks

Angela Moscaritolo February 04, 2009

A new class of distributed denial-of-service (DDoS) attacks...

Defenses against DDoS strengthening: survey

a@b.com (fortguard) — Fri, 28 Nov 2008 12:26:23 +0800

Defenses against DDoS strengthening: survey

Results warn of increasing dangers of highly sophisticated attacks at speeds of up to 24 Gbps

By Brad Reed , Network World , 09/17/2007

...

Storm Worm DDoS Attack

a@b.com (fortguard) — Fri, 28 Nov 2008 11:54:08 +0800

Storm Worm DDoS Attack

Author: Joe Stewart

A number of anti-spam websites came under a distributed denial-of-service attack on January 12, 2007. The trojan responsible for the attack was one of several dropped onto systems infected by a seeding of the email virus which later came to be called "Storm Worm", also W32/Small.DAM and Trojan.Peacomm.

...

MS08-067 Used to Drop DDoS Bots

a@b.com (fortguard) — Fri, 28 Nov 2008 11:42:57 +0800

Posted on Monday, November 3rd, 2008

MS08-067 Used to Drop DDoS Bots

by Jose Nazario

Earlier today we were informed about a bot that we’ve seen before, KernelBot, being dropped by an exploit tool for MS08-067. The exploit code is “67.exe”, and the bot itself is “6767.exe”. KernelBot is a Chinese origin DDoS bot run by someone we think uses the handle IceKernel; he even names his project KernelBot: d:\Works\KernelBots_Up28\Server\Release\Server.pdb. We first became aware of this bot during the CNN.Com attacks earlier this year; some researchers we were working with brought it to our attention. Since then we’ve been watching this guy’s activities and seen a handful of DDoS targets, but most of them are Baidu. It’s nice to see most of the AV vendors have finally caught up and added detection.