UltraDNS suffers attack, Amazon affected
Published: 2009-12-28


Domain-name service (DNS) provider UltraDNS was targeted with a denial-of-service attack two days before Christmas, leaving some last-minute shoppers reportedly unable to connect to major retailers such as Amazon and Wal-Mart for a brief period.

Around 4:45 pm PT, UltraDNS noticed "an abnormal spike in queries," which it identified as a denial-of-service (DoS) attack, Allen Goldberg, vice president of corporate communications at Neustar -- UltraDNS's parent company -- said in a statement. The attack only affected Web surfers in the Northern California area and lasted less than an hour, the company stated.

"We analyzed the patterns and were able to place mitigation measures in place within minutes of identifying the attack," Neustar said in the statement sent to SecurityFocus. "We had everything under control well under an hour."

The attack caused connectivity issues with Amazon and its Web services, according to media reports.

The attack is the second in as many weeks that targeted a critical piece of the Internet's infrastructure, the domain name system (DNS). The week before Christmas, Twitter suffered an outage after an attacker with access to the company's DNS account changed its settings, rerouting visitors to a defacement page.
http://www.securityfocus.com/

Yeah we had two DOS attack on our network over xmas. One word....China!

You work for Cisco right BE?

You work for Cisco right BE?

LOL... in my DREAMS! But that is my goal, Cisco TAC!!

I work for a UK ISP.

Monster botnet held 800,000 people's details

The Mariposa botnet had the power to dwarf Georgia and Estonia cyberattacks if it had been used to launch denial of service attacks, say Spanish police.
http://adserver.securityfocus.com/RealMedia/ads/Creatives/default/empty.gif (http://adserver.securityfocus.com/RealMedia/ads/click_lx.ads/www.securityfocus.com/news/486705868/x30/default/empty.gif/33623565363339363462393865353830) http://adserver.securityfocus.com/RealMedia/ads/adstream_nx.cgi/www.securityfocus.com/news@x30 (http://adserver.securityfocus.com/RealMedia/ads/click_nx.cgi/www.securityfocus.com/news@x30)
The Mariposa botnet had the power to dwarf Georgia and Estonia cyberattacks if it had been used to launch denial of service attacks, say Spanish police.
Months of investigations by the Guardia Civil in Spain, the FBI and security firm Panda Security and Defence Intelligence led to the takedown of the 12.7 million strong zombie network in December and the arrest of three suspects in Spain two months later.
At a press conference announcing the operation in Madrid on Wednesday, Spanish police said they recovered the personal details of 800,000 people from systems recovered from three alleged cybercriminals. This cache of stolen information includes bank login credentials from businesses and consumers as well as email passwords.
Three Spanish residents suspected of running the botnet have been charged with online offences: the most senior alleged botmaster, nicknamed “Netkairo”, 31, from Balmaseda in the spanish province of Vizcaya, as well as his two alleged lieutenants JPR, 30, from Molina de Segura Murcia and JBR, 25, from Santiago de Compostela in La Coruña. None of the suspects have been named at this stage of proceedings.
In a statement (in Spanish here (http://www.guardiacivil.org/prensa/notas/win_noticia.jsp?idnoticia=2776)), Guardia Civil officers said they were also on the trail of a fourth suspect nicknamed Phoenix, who's possibly based in Venezuela.
Defence Intelligence discovered the botnet last May and formed a team that brought in security experts from Bilbao-based Panda and computer scientists at Georgia Tech Information Security Center. Security researchers infiltrated the botnet's command and control systems, learning enough to mount a successful takedown operation in cooperation with ISPs on 23 December.
Netkairo responded to this by launching a retaliatory denial of service attack against Defence Intelligence that took out customers at a Canadian ISP for several hours. In wrestling to obtain control of the botnet he made the mistake of connecting to compromised systems using his home PC, a mistake that led to his identification (as explained in our earlier story on the takedown operation (http://www.theregister.co.uk/2010/03/03/mariposa_botnet_bust_analysis/)).

12m zombies!!!

Motto, don't use P2P. :)