By Kelly Jackson Higgins
Aug 26, 2010
A new botnet built for knocking websites offline has attacked mostly
Chinese and some U.S. sites, according to researchers.
About 90 percent of the command and control servers running YoyoDdos,
the nickname given the botnet by researchers at Arbor Networks who have
been studying and tracking it, have IP addresses in China, and
two-thirds of its victim websites are based in China. The botnet has
attacked around 180 websites so far, including 32 in the U.S.
"It is a pretty active botnet," says Jeff Edwards, a research analyst
with Arbor who has been analyzing the botnet, which first appeared in
Arbor's honeypot servers back in March. "We've detected a lot of attacks
coming out of it ... [around] ten unique victims a day."
The malware itself isn't particularly sophisticated, however. "It's
pretty typical of a lot of malware we see," he says. "It's a fairly
non-sophisticated piece of malware, but effective."