NetSky-Q worm launches distributed denial of service attacks against Kazaa and eDonkey
April 9, 2004
The worm attempts to flood the main Web sites of Kazaa and eDonkey with huge amounts of traffic starting on 8 April. It is also set to attack other sites, including www.cracks.st, www.cracks.am and www.emule-project.net. The file-sharing networks themselves won't be affected by the worm, only access to their Web sites.
NetSky-Q, which first appeared on 29 March, includes a message from the virus authors embedded within its code. The previously unknown "SkyNet Antivirus Team" from Russia claim that attacks are planned to educate users, and to prevent hacking and sharing of illegal content.
NetSky-Q exploits the Microsoft iFrame vulnerability to execute itself automatically on vulnerable machines. The flaw, now three years old, can be patched by security updates available from Microsoft.
Targeted sites have already begun to make preparations in advance of the anticipated onslaught. The eMule project has posted a notice advising users that its main site will be unavailable "because of the upcoming DDoS Attack against our servers" between 8 and 16 April. It advises users to visit a mirrored site - www.emule-project.org - during the attack.
The eDonkey project has also moved to an alternative address: because only its main server, www.edonkey2000.com, is being attacked, the site is still accessible at http://edonkey2000.com. At the time of writing, both www.cracks.st and www.cracks.am were already unavailable, and the only site that seems to have survived the onslaught is Kazaa.
Mikko Hypponen, director of antivirus research at F-Secure, said that even though the eDonkey and emule-project sites are online, because they are not accessible through their main Web address, most people will not be able to find them: "Most people that have bookmarked eDonkey and emule-project, or if they search for them on Google, will be directed to the 'www' site, which fails. If you surf to a Web site and it fails, how many times do you try it again without the www?" he said.
Advice from security experts and anti-virus vendors follows a familiar pattern: block executable files at the gateway, don't open unsolicited email attachments, update virus lists, apply patches, and, of course, use a personal firewall.