News Ticker

How hackers likely attacked Georgian websites

Georgian government websites have been under attack, making it difficult or impossible for users to access several sites – including that of the country’s president.

The attacks, according to the New York Times, started “weeks before physical bombs started falling on Georgia,” and the Georgian president’s site was difficult or impossible to access on Tuesday afternoon, even though the site moved from the country of Georgia to an Internet service provider in the state of Georgia, in the United States.

“This is a classic denial of service attack (DOS),” said Steve Gibson, president of Gibson Research and a leading security expert.

In an interview, Gibson said it has all the marks of a “zombie” or “botnet” type of attack. “Botnet” is a hacker term for a network of robots – machines that are surreptitiously recruited to attack other machines.

“Essentially what happens,” explained Gibson, “is a large number of computers that are under the control of some entities – presumably someone with a grudge – can be recast for various purposes.”

“Sometimes they’re used to generate spam, sometimes to generate fake clicks on advertisements and sometimes they are told to simply flood a site with traffic,” said Gibson.

These zombie machines can bombard a server with enough requests in a short period of time to simply overwhelm it. It would be like putting thousands of cars on the freeway, making it impossible for normal traffic or emergency vehicles to get through.

Such tactics are sometimes referred to as distributed denial-of-service attacks because the computers used in the attacks are distributed all over the Internet. It’s often difficult for the attacked machine to distinguish between legitimate requests for service and the bogus request from the zombie machines.

DOS attacks can also be carried out by disrupting configuration data such as routing information so that traffic to a server is re-routed, or simply sent nowhere instead of the server that users are trying to reach.


CBS News Podcast: Security expert Steve Gibson explains to Larry Magid how hackers can turn your computer into a malicious “zombie”.


The machines that wind up carrying out the attack “are typically owned by regular computer users who have no idea that their machine is now serving two masters,” said Gibson. “It’s serving them, and some remotely located criminal that is able to take the resources of their machine and their Internet connection for some malicious purpose.”

Malicious software to carry out these attacks can come from websites, via email or as part of spyware people download to their computers. Most Internet security programs can protect PCs against being infected by such software, though security is – and has always been – a cat and mouse game between the good guys and the bad guys so there is always the possibility of botnet software slipping past the defenses of even up-to-date security software.

Still, if you use up-to-date security software, the chances of your machine being infected go way down. Also, security software such as Symantec’s Norton 360, TrendMicro’s Internet Security Pro, Zone Labs ZoneAlarm Security Suite and Kaspersky Lab’s Kaspersky Internet Security all do a good job at repairing infected computers along with preventing infections in the first place.

It’s also important to be sure that your operating system is up-to-date. For example, Microsoft issued updates Tuesday for various versions of Windows which fixed 26 flaws, including six what were considered critical. These flaws could put your computer at risk of being taken over by a hijacker who could use it for virtually any purpose – including attacking other computers or web servers.

Once Microsoft identifies and issues a patch for a security flaw, machines that have not be updated are particularly vulnerable so it’s very important to make sure your operating system is up-to-date. If you have Vista or Windows XP Service Pack 2 your software should automatically check for updates but you can help it along by running the Windows Update program or using Microsoft Internet Explorer (doesn’t work with Firefox) to visit windowsupdate.microsoft.com.

Even though Mac users hear less about security problems than Windows users, Macs are not exempt, so it’s also important for Mac users to stay up-to-date. Mac users can learn more at support.apple.com/kb/HT1222.

In addition to the commercial programs there are also several free security programs you can download, according to this 2006 article from CNET’s Download.com