Netsky damages four sites
Summary
Topics
Earlier this week, file-sharing Web sites Kazaa and eDonkey and three other Web sites were bracing themselves for a distributed denial of service (DDoS) attack launched by variants of the Netsky worm.
Netsky.Q, which first appeared on March 29, is designed to attack certain Web sites that distribute either file-sharing clients or hacking and cracking tools. Kazaa and eDonkey are its best-known targets and the attack is scheduled to last for at least six days.
However, because the worm only attacks the main www.edonkey2000.com address, it is still accessible by visiting http://edonkey2000.com. Another target, www.emule-project.net, has also experienced severe disruption and in preparation has mirrored its site to www.emule-project.org. At the time of writing, both www.cracks.st and www.cracks.am were unavailable. Kazaa's Web site seems to be the only one of Netsky's targets to have survived the first day of the attack unscathed.
Mikko Hyppönen, director of antivirus research at F-Secure, said that even though the eDonkey and emule-project sites are online, because they are not accessible through their main Web address, most people will not be able to find them: "Most people that have bookmarked eDonkey and emule-project, or if they search for them on Google, will be directed to the "www" site, which fails. If you surf to a Web site and it fails, how many times do you try it again without the www?" he said.
Hyppönen said Netsky's authors seemed to have learned a lesson from the author of the Blaster worm, which last summer launched a massive DDoS attack on Microsoft's Windows Update Web site. It attacked a lesser-used Web address while "Netsky is attacking the address that most people would surf to," he said.
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
