Symantec Security Response is currently monitoring the confirmed DDoS attacks on Twitter and Facebook this morning
August 2009 by Symantec
Users visiting the Twitter and Facebook sites may notice a slowdown in service, or they may not be able to gain access to the site at all.
It is not known at this time whether malware is involved in carrying out this attack, essentially causing computers worldwide to aid in the attack. As a precautionary measure, Symantec encourages all computer users to update their security software with the latest definitions, keep their computer systems clean and continue to use general best practices for staying safe online.
We are continuing to monitor the situation. We have posted a blog here for perspective on DDoS attacks from Marian Merritt.
· Users visiting impacted sites may notice that performance is significantly slowed or that they cannot access the sites at all. However, some users may not notice any significant changes to the performance of their computer if infected with the malware that is carrying out this attack.
· To lessen the likelihood of your computer being used in a DDoS attack, it’s critical to keep security protection up to date. For enterprises, securing all endpoints, from laptops to mobile devices, can lessen the impact of a DDoS attack. With the number of botnets for rent in the threat landscape, unsecured endpoints have the potential to become part of the larger DDoS attack and can be used to participate in phishing attacks, spread spam and distribute malware.
· Computer users are encouraged not to visit sites that are rumored to be under a DDoS attack for the sole purpose of seeing what happens. The increase of traffic will only delay access to the Web site and will prolong the attack.
· To help stop this DDoS, Symantec encourages all computer users to update their security software with the latest definitions, keep their computer systems clean and continue to use general best practices for staying safe online. Best practices include not using “free” security scans that pop up on many websites. All too often these are fake, using scare tactics to get you to purchase their “full service.” Consumers should also regularly back up their computer and check bank and credit card accounts to ensure all of their transactions are legitimate.
· Bots allow for a wide range of functionality and most can be updated to assume new functionality by downloading new code and features. Attackers can use bots to perform a variety of tasks, such as setting up denial-of-service (DoS) attacks against an organization’s website, distributing spam and phishing attacks, distributing spyware and adware, propagating malicious code, and harvesting confidential information from compromised computers that may be used in identity theft, all of which can have serious financial and legal consequences. Bots are also inexpensive and relatively easy to propagate.
· In 2008, Symantec observed underground economy advertisements for as little as $0.04 per bot. This is much cheaper than in 2007, when $1 was the cheapest price advertised for bots. Bot-infected computers with a decentralized bot C&C model are favored by attackers because they are difficult to disable, and most importantly, can be lucrative for their controllers. In one example, a botnet owner arrested in New Zealand admitted to earning $21,500 over a two-year span from his activities.
· In 2008, Symantec observed an average of 75,158 active bot-infected computers per day (figure 6), a 31 percent increase from 2007. Symantec also observed 9,437,536 distinct bot-infected computers during this period, a 1 percent increase from 2007.