http://news.cnet.com/8301-27080_3-20004855-245.html By Elinor Mills InSecurity Complex CNet News May 12, 2010 Researchers have uncovered a botnet that uses compromised Web servers instead of the usual personal computers to launch denial-of-service (DoS) attacks. Security firm Imperva said on Wednesday it uncovered a botnet of about 300 Web servers after one of its "honeypot" servers was used in an attack and based on a search of attack code via Google. Web servers were commonly used in such attacks a decade ago but had been replaced by the more ubiquitous Windows-based PCs, said Amachai Shulman, chief technology officer at Imperva. In the DoS attack Imperva observed, two Web servers were targeting an unnamed hosting provider based in The Netherlands, he said. The hosting provider was aware of the situation, Shulman said. It appeared that the Web servers were being compromised with code that exploits a vulnerability in PHP, a computer language used for processing Web pages, and it can affect servers running Apache, Microsoft Internet Information Services (IIS), or other server software, he said. The attack employs a simple user interface that allows someone to specify the victim's IP address and port as well as the how long the attack should last. The information is submitted on a form that includes a message in Indonesian that says "don't use it on your friends," according to a screenshot provided by Shulman. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/Received on Wed May 12 2010 - 22:15:59 PDT
This archive was generated by hypermail 2.2.0 : Wed May 12 2010 - 22:36:25 PDT