DNS root server attack launched from Germany

Summary: According to a published report, the recent attack against the DNS root servers was launched from a host server in Germany that controlled millions of zombie machines in South Korea.

The distributed denial-of-service attack against the DNS root servers earlier this month was launched from a host server in Germany that controlled millions of zombie machines in South Korea, according to a report in The Korea Times.

Details of the cross-continent attack, which almost took out three of the 13 official root DNS servers, are beginning to surface, with South Korea's Ministry of Information and Communication confirming that a host server in Coburg, Germany, ordered hijacked Windows machines in Korea to stage the attacks.

"In other words, Korean computers affected by viruses made raids into the root servers as instructed by the German host server. Many of our computers acted like zombies," said Lee Doo-won, a director at the ministry.

According to data from the North American Network Operators' Group, more than 60 percent of the problematic data was traced to South Korea, a country with one of the highest broadband penetration rates in the world.

According to Arbor Networks' ATLAS portal, South Korea hosts the second-highest number of botnet command-and-control servers, which are used to launch spam runs, host exploit sites and launch DDoS attacks.


Talkback

3 comments
  • botnets are very interesting ecosystems

    Back about 5 years ago when they were first emerging, I experimented with a bot named "evilbot". I infected a few of my own test computers and then controlled them via a subseven IRC server chat room. At the time, I ran into a few other people distributing the bot intermixed with small exe files and zip files. Many of the sites they referred to are here one day and gone the next; it's very much like a cat and mouse game and therefore extremely hard to track.

    I was very impressed by the whole system and the bot controls. Although I never deployed the bot to anyone else, I saw the potential for power and abuse, and the worst part is, the more you have, the more dangerous you are. The more troubling part of the whole bot scene was the methods recently employed to distribute the bots via compromised webservers. Although it was a genius move, I am sure someone will find even more efficient ways to deploy them, if they haven't already.

    My message to the general population: upgrade to XP with Service Pack 2, enable the firewall, get all the updates, buy a 50 dollar hardware firewall, and finally buy anti-virus software and set up the updates to update every day. Heck, some ISPs offer free anti-virus; call them and ask. If everyone does their part, botnets can be easily eliminated.
    Been_Done_Before
    • Or by an OS that doesn't do bots

      NT
      mrlinux