Gambling site brought to its knees by 'unstoppable' botnet

Gambling site brought to its knees by 'unstoppable' botnet
Gambling site brought to its knees by 'unstoppable' botnet,39024655,39170296,00.htm 

By Nick Heath
6 March 2008

A major UK gambling business has warned that all commercial websites are 
at risk from a new type of unstoppable and undetectable botnet denial of 
service attack.

Gala Coral ecommerce's gambling sites were taken down for almost 30 
minutes by the next generation 10Gb distributed denial of service (DDoS) 
attack, delegates at the e-crime congress in London were told this week.

Attackers disguised the build up of traffic from up to 30,000 PC and 
Apple Mac botnet computers during the attack by analysing and 
reproducing the browsing habits of the sites' typical users.

Peter Bassill, information security officer with Gala Coral ecommerce, 
said attackers spent about four months infiltrating the sites ahead of 
the attack last year, using stolen credit card details to open the 
thousands of accounts needed to generate the huge volume of web traffic 
to swamp Coral's servers.

More worrying, during a second attack the botnet blocked attempts by the 
websites to stop them using a port firewall while continuing sending out 
data to carry on the attack.

Bassill said: "This is a very worrying step we have seen in botnets, we 
have no way of responding to this without working with law enforcement. 
The attacks will come from many hosts in small volumes and they are 
going to be very hard to spot.

"If they can do that to us, a large gaming company, than think what they 
could do it they find a way to target companies like BT or the nuclear 
power industry."

Bassill said DDoS attacks brought its websites down about twice per year 
and attacks were often preceded by demands for more than $100,000.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods