Thursday, August 6, 2009

Are you contributing to the Twitter Denial of Service Attack?

Twitter has been dealing with a denial of service attack this morning that has resulted in millions of users not receiving or posting tweets.

These days denial of service attacks typically are launched from botnets--large numbers of consumer PCs that have been infected with Trojans that wait to do the bidding of the "bot-herders" who manage them. The users of these machines may not know anything is wrong other than, "Gee, the Internet seems slow today." Their Internet is slow because their computer is sending lots of traffic to the targeted site, in this case twitter.com. The bot-herders collect infected machines and then rent them out. Twitter is such a high profile site, it may be just a bot-herder or one of their customers wanting to show off the power of their bot net.

Is your computer a member of one of these botnets? It's not easy for the average Internet user to find out. Seeing rapidly blinking lights on your cable modem even if you aren't using your computer may suggest something is going on. But it could just be an updater downloading a new Firefox or operating system patch.

You may not be too worried about the state of Twitter. But you should Know that botnets can be told to do many things. They can be instructed, for example, to download keyloggers or other data stealing malware. The stolen data is then shipped off to collection servers where the bad guys can then use your bank username and password to steal money.

Keep your antivirus up to date and perform a full scan if you're a little concerned.

Download and use SafeCentral if you want to bank and shop without the worry. SafeCentral users talk about this stuff here: community.safecentral.com.


Update:

It may be coincidental, but we saw a large increase yesterday in our virus-collection network. We received 200 times the normal average of emails with malicious attachments. One node, for example, went from 10 items to 2000 in a day. These were phony emails telling random recipients that a UPS parcel could not be delivered and asking the reader to "print out the attached invoice". The attachment was not an invoice, it was a trojan.

Example of the email. Do not open the attachments in these emails if you get one!

No comments: