U.S., South Korean cyber attacks no more harmful than spam, experts say
Last Updated: Friday, July 10, 2009 | 6:06 PM ET
CBC News
Consumers around the globe have been caught up in cyber attacks targeting U.S. and South Korean websites, some coming from unknowingly infected computers that have jammed sites for legitimate users.
They're called denial-of-service attacks, and they began around July 4, slowing some websites in both countries to a crawl.
"A lot of the computers that are infected with this are probably from machines where the owners may not even be aware," said Dennis Fisher of Kaspersky Lab Americas, an antivirus and Internet security company, Friday.
In the United States, websites belonging to the Department of Homeland Security and Defence Department and the Federal Trade Commission came under attack and were slowed.
Websites operated by Nasdaq, the New York Stock Exchange and the Washington Post also were attacked.
"Denial-of-service attacks in general are a kind of nuisance-type attack," said Fisher, who is in charge of consumer education.
The infected personal computers are programmed to contact particular websites over and over until their servers are overwhelmed.
There's some evidence that malware has been downloaded from North Korea, but it doesn't mean the attacks have come from there, said Fisher, speaking from the Boston area.
Most cyber attackers are after money and personal information, but these denial of service attacks "just seem to be someone messing around right now," he said.
Security analyst James Quin said he believes the attackers are likely people who are "looking to raise a certain amount of profile for a cause" rather than professional hackers.
But denial-of-service attacks are effective because there's not much consumers can do to protect themselves, Quin said.
"It impacts the sites you are concerned about and want to go see," said Quin of Info-Tech Research, based in London, Ont.
"It limits the ability of consumers to come to the website."
Symantec, maker of the Norton antivirus software, said part of the current attack is being carried out by a piece of malware identified as W32.dozer, often distributed through email attachments.
Symantec said it has discovered a new threat with the W32.Dozer that contains code to instruct infected systems to delete files on computer hard drives and essentially prevent them from working when rebooted.
The attack is also being carried out by variants of the MyDoom worm, which has been around for about five years. It has been reported that the attack has involved more than 50,000 computers worldwide, Symantec said.
Fisher said the Internet has been a busy place for attacks in a normally slow summer period.
"It is sort of a weird combination of things going on right now which has led to a lot of speculation about it being a broader plan by someone or some country or entity," he said.
While the denial-of-service attacks are an "annoyance," said Quin, they're probably no more harmful than spam.
Symantec also reported Friday that about 90 per cent of global email messages in June were spam.
Pop singer Michael Jackson's death on June 25 was the subject of a number of spam campaigns but was less than one per cent of all spam attacks, said Dermot Harnett, principal analyst for anti-spam engineering at Symantec in San Francisco.
"But it's still quite interesting to see how quickly the spammers really jumped on this and within a few hours, started sending out their spam attacks using his name," Harmett said.
