Back at the Hall of Justice

And some are being used to extort money from the websites and servers of companies they are targeting, or, to a larger extent, they are using these DOS attacks to take competitors offline. Boy, I tell you, what comes to mind is a signature from a friend on a message board at Abestweb.com, Donuts always had this as his signature, “Using technology doesn’t change the nature of a pickpocket criminal, it only scales its reach.” and it is so true. More and more criminals are coming online because they see the easy cash they can make legally and illegally.

Unlike past attacks, which use tens of thousands of compromised computers to deluge a Web server or network with data, the latest attacks came from a collection of computers running peer-to-peer software known as DC++. The software is based on Direct Connect, a protocol which allows the exchange of files between instant messaging clients.

While the file-sharing network is distributed, the directories of where to find certain files resides in a few servers, known as hubs. Older versions of the hub server software have a flaw that allows an attacker to direct clients to get information from another server, said Fredrik Ullner, a developer for the DC++ project and an computer-science undergraduate at Sweden’s Lund Institute of Technology. Maliciously redirecting those client results in a large number of computers continuously demanding data from the victim’s Web server, overwhelming it with requests. Source: Peer-to-peer networks co-opted for DOS attacks

This is based on Direct Connect, a protocol that allows instant messaging clients to exchange files with each other, and, because so few upgrade when they really need to, there are quite a few servers out there running the old code that is allowing them to exploit this vulnerability. AND, even if everyone upgraded to the latest version of the software, these groups could just as easily create their own servers and once they have enough clients, launch the attacks again. They are quoted as saying it is difficult to impossible to fix. Prolexic, a firm the companies had employed to block these attacks, say they have a solution to defend against the attacks, but of course, did not release exactly how they would defend against it.