Pizza DDoS attack resumes
As previously reported, the Miner botnet has recently switched its focus to carrying out distributed denial-of-service (DDoS) attacks on web sites in Germany. The primary targets include pizza delivery services such as pizza.de and estate agency sites. Following a brief cessation of hostilities, readers have reported that the botnet resumed its attack at around 7.00 p.m. GMT on Thursday evening.
More than 100,000 botnet clients have been making mass page requests, with the aim of overloading servers so that they are not accessible for normal requests. These requests are easily recognised in log files by their characteristic user agent strings; for example, many have the language set to 'ru'.
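As an added illustration (not code from the article or from Kaspersky), the log check described above could be done with a short Python script that extracts the language tag from each user agent and counts matching requests, clients and paths. The combined log format, the sample lines, the documentation-range IP addresses and the user agent strings are all constructed assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" format is an assumption; the article names none.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A bare language tag inside the UA comment, e.g. "ru" or "ru-RU".
LANG_RE = re.compile(r'[a-z]{2}(?:-[A-Za-z]{2})?')

def ua_language(ua):
    """Return the two-letter language from a Mozilla-style UA, or None."""
    comment = re.search(r'\(([^)]*)\)', ua)
    if not comment:
        return None
    for token in comment.group(1).split(';'):
        if LANG_RE.fullmatch(token.strip()):
            return token.strip()[:2]
    return None

def summarize(lines, lang="ru"):
    """Count parsed requests and those whose UA language equals `lang`."""
    total, hits, clients = 0, Counter(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line: skip, do not guess
        total += 1
        if ua_language(m.group("ua")) == lang:
            hits[m.group("path")] += 1
            clients.add(m.group("ip"))
    return {"total": total, "flagged": sum(hits.values()),
            "clients": len(clients), "top_paths": hits.most_common(3)}

# Constructed sample lines (documentation IP ranges, made-up user agents).
TS = '[01/Jan/2000:19:00:00 +0000]'
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru)"',
    f'198.51.100.8 - - {TS} "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2) Gecko/20100101 Firefox/3.6"',
    f'198.51.100.7 - - {TS} "GET /order HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru)"',
    f'192.0.2.10 - - {TS} "GET /menu HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2) Gecko/20100101 Firefox/3.6"',
    f'192.0.2.11 - - {TS} "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/3.6"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A language tag on its own also matches legitimate Russian-language browsers, so treat the counts as a triage signal to weigh alongside request rate rather than as a block list.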
Kaspersky's Tillmann Werner has confirmed the existence of a new wave of attacks. The list of sites targeted by HTTP flooding attacks remains the same; just one new target has been added to the UDP flooding list. Some of the affected web sites have taken firm steps to keep their servers up and running. Some have implemented upstream routers to filter out queries from all non-German IP addresses. Although this could block some legitimate users, such web sites will at least remain accessible to the majority of users.
A description of a denial of service attack from the victim's perspective can be found in the article CSI:Internet - Living in SYN.