The main Web site of file-sharing network eDonkey has been knocked offline
following an attack from NetSky, but Kazaa has survived--so far.
Earlier this week, the Kazaa and eDonkey sites, as well as three other
file-sharing sites, were bracing for a distributed
denial-of-service (DDoS) attack expected to be launched by variants of the
NetSky worm. NetSky.Q, which first appeared March 29, is designed to attack
certain Web sites that distribute file-sharing clients, as well as sites that
distribute hacking and cracking tools. Kazaa and eDonkey are the worm's
best-known targets. The attack is scheduled to last at least six days.
However, because the worm only attacks the main eDonkey site, the service is
still accessible at another
Another target, eMule, has also experienced severe disruption and in
preparation has mirrored its
site to another
address. At the time of this writing, one of the Crack Web sites,
www.cracks.am, was unavailable, and another, www.crack.st,
had been unavailable earlier. Kazaa's Web site seems to be the only one of
Netsky's targets to have survived the first day of the attack unscathed.
Mikko Hypponen, director of antivirus research at F-Secure, said that even
though the eDonkey and eMule Project sites are online, most people will not be
able to find them because the sites are not accessible through their main Web
"Most people that have bookmarked eDonkey and eMule Project, or if they
search for them on Google, will be directed to the 'www' site, which fails," he
said. "If you surf to a Web site and it fails, how many times do you try it
again without the www?"
Hypponen said NetSky's authors seem to have learned a lesson from the
mistakes made by the author of the MSBlast worm, also known as Blaster, which
last summer launched a massive DDoS attack on Microsoft's Windows Update Web
site. However, unlike NetSky, Blaster attacked the lesser-used Web address.
"Blaster was stupid--it attacked the Web site that most people would not
use," he said. "It only attacked http://windowsupdate.com, not
www.windowsupdate.com. NetSky is attacking the address that most people would
Munir Kotadia of ZDNet
UK reported from London.