08.07.09

^{Gemini version available ♊︎}

Microsoft Windows Zombies Also Knocked Facebook and Gawker Offline, More “Critical” Microsoft Flaws Discovered

Posted in Microsoft, Security, Windows at 9:41 am by Dr. Roy Schestowitz

Summary: More victims of Windows botnets abound; Microsoft discloses 5 new remotely-exploitable vulnerabilities

LAST NIGHT we wrote about Twitter's injury from Windows zombies. Twitter was not alone however; now that the Web is saturated with Windows botnets, anyone with an axe to grind can take Web sites of choice offline. A decade or so ago even Yahoo! was a victim, so our own suffering is very minor in comparison (but increasingly common). According to the BBC, Facebook is another new victim.

Denial-of-service (DOS) attacks take various forms but often involve a company’s servers being flooded with data in an effort to disable them.

The Register reports that Gawker too is a victim.

New York-based media news and gossip blog network Gawker is recovering from a debilitating denial of service attack.

SJVN wrote a good essay on how Twitter was killed by Windows botnets.

DDoS attacks are hard to beat. While some Twitter fans are claiming that this is the biggest DDoS attack ever, I’m inclined to doubt it. Twitter, even though its performance has gotten much better, has often teetered on the edge of collapse due to the enormous load its users put on its social network infrastructure. No, the DDoS attack on Google earlier this year was probably still the worst attack on record.

How is this happening? Well, let me tell you. Today’s DDoS attacks are made by Windows-powered botnets. They’re not terribly sophisticated about these attacks. The last major one, which may or may not have come from North Korea, was driven by MyDoom, Windows malware from 2004.

[...]

Russians already successfully attacked Estonia’s Internet infrastructure in 2007. With Windows botnets growing by leaps and bounds, it’s easier than ever for governments or even just a handful of people to knock out major Web sites like Twitter.

I’ve said it before, I’ll say it again. Thanks to Windows’ security weaknesses, botnets are now commonplace and we can only expect to see more DDoS attacks in the future.

One person believes that he knows who was behind the attack (and its motives), being the botmaster or the leader of several.

As Twitter struggled to return to normal Wednesday evening, a trickle of details suggested that the outage that left 30 million users unable to use the micro-blogging service for several hours – at least in part – may have been the result of a spam campaign that targeted a single user who vocally supports the Republic of Georgia.

Windows has become an expensive and dangerous political tool. Based on this new report from Heise, change is nowhere near.

Microsoft to patch nine security vulnerabilities on Patch Tuesday

Five of the security updates reportedly patch critical vulnerabilities that could lead to remote code execution in Windows and a variety of other software.

Here is a couple more that are new. █

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

–Jim Allchin, Microsoft

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.