01 Feb 2001
A hacker has duped the moderator of the Bugtraq information security mailing list, which has 85,000 members, into distributing code that launched a denial of service attack against security vendor Network Associates (NAI).
An anonymous posting sent to the Bugtraq list overnight appeared to be a new script that can be used to exploit vulnerabilities discovered earlier this week in BIND (Berkeley Internet Name Domain), the software that runs much of the internet's domain naming system.
However, if a user downloaded the script to their computer and ran it, a data string within the code would launch a denial of service attack against NAI.
Bugtraq contributor Matt Lewis raised the alarm. "The Bind 8 Exploit sent to Bugtraq users by 'nobody@replay.com' is a trojan, as I'm sure many have found out at this point," he said in a posting to the mailing list.
"You can see the IP address for dns1.nai.com listed in the shell code included with the file. It forks off many copies of itself and violently attacks NAI's nameserver. How did this get approved? Did anyone test it or review it?" he added.
Chris McNab, network security analyst at security consultancy MIS, who came across the code on the Bugtraq list last night, said: "We were testing it, and realised it is actually a clever trojan. It looks like an exploit script, but once it is downloaded and compiled, it sends off evil packets of data to NAI in a denial of service each time it is run."
McNab estimated that up to 25 or 30 per cent of Bugtraq's 85,000 readers may have tested the exploit and thus triggered a denial of service attack against NAI's website.
However, NAI said that despite the attack, their website remained intact. Douglas Hurd, business development manager for security products at the company, said: "Our website and internet connection were attacked, but no penetration took place and nothing died or went down. It could have affected availability but I haven't heard that it did. It was a denial of service attack similar to those which hit websites like Yahoo last year."
"We detected the attack as it happened and were able to contain it within 90 minutes. We have good defences, the ability to detect attacks and could execute a pre-determined response," he added.