/>
X

NetSky onslaught: Four sites down, one to go

All but one of the five Web sites targeted by the worm's denial-of-service attack have been knocked over or had to change their Web address to remain accessible.
munir-kotadia.jpg
Written by Munir Kotadia, Correspondent on
The main Web site of file-sharing network eDonkey has been knocked offline following an attack from NetSky, but Kazaa has survived--so far.

Earlier this week, the Kazaa and eDonkey sites, as well as three other file-sharing sites, were bracing for a distributed denial-of-service (DDoS) attack expected to be launched by variants of the NetSky worm. NetSky.Q, which first appeared March 29, is designed to attack certain Web sites that distribute file-sharing clients, as well as sites that distribute hacking and cracking tools. Kazaa and eDonkey are the worm's best-known targets. The attack is scheduled to last at least six days.

However, because the worm only attacks the main eDonkey site, the service is still accessible at another eDonkey address.

Another target, eMule, has also experienced severe disruption and in preparation has mirrored its site to another address. At the time of this writing, one of the Crack Web sites, www.cracks.am, was unavailable, and another, www.crack.st, had been unavailable earlier. Kazaa's Web site seems to be the only one of Netsky's targets to have survived the first day of the attack unscathed.

Mikko Hypponen, director of antivirus research at F-Secure, said that even though the eDonkey and eMule Project sites are online, most people will not be able to find them because the sites are not accessible through their main Web address.

"Most people that have bookmarked eDonkey and eMule Project, or if they search for them on Google, will be directed to the 'www' site, which fails," he said. "If you surf to a Web site and it fails, how many times do you try it again without the www?"

Hypponen said NetSky's authors seem to have learned a lesson from the mistakes made by the author of the MSBlast worm, also known as Blaster, which last summer launched a massive DDoS attack on Microsoft's Windows Update Web site. However, unlike NetSky, Blaster attacked the lesser-used Web address.

"Blaster was stupid--it attacked the Web site that most people would not use," he said. "It only attacked http://windowsupdate.com, not www.windowsupdate.com. NetSky is attacking the address that most people would surf to."

Munir Kotadia of ZDNet UK reported from London.

Related

Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
This stuff is better than compressed air for cleaning your dirty tech
img-6864

This stuff is better than compressed air for cleaning your dirty tech

Office Hardware & Appliances
Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some
A middle aged man in casual attire sat at his computer desk speaking to colleagues via a split-screen video chat application

Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some

Professional Development