A botnet composed of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the Web site of the U.S. Federal Trade Commission (FTC) offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
"The DOT has been experiencing network incidents since this past weekend. We are working with the U.S. Computer Emergency Readiness Team (US-CERT) at this time," a DOT spokeswoman said Tuesday.
A spokeswoman for the U.S. Department of the Treasury confirmed that the Treasury's Web site had been hit with a denial-of-service attack.
"We're working with our service provider to mitigate the impact," she said.
A spokeswoman for the FTC could not say what caused the outage at that agency's Web site.
Other targets have included banking Web sites in Korea, U.S. Bancorp, the U.S. Secret Service, the U.S. Department of Homeland Security, the U.S. Department of State, the White House, the U.S. Department of Defense, the New York Stock Exchange, Nasdaq and the Washington Post, according to security researchers studying the incident.
A more complete list of U.S. and South Korean sites targeted in the attack has been published by a Korean blogger who posted an analysis of the botnet code. According to this list, Amazon and Yahoo have also been targeted.
The U.S. Department of Homeland Security (DHS), which runs US-CERT, said late Tuesday that it had warned federal agencies and partner organizations and was working to mitigate the attack. "We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," the DHS said in a statement. "US-CERT will continue to work with its federal partners and the private sector to address this activity."
The attack, while powerful, is not particularly sophisticated and appears to be more of a nuisance than a threat to security. It uses a variety of well-known distributed denial of service (DDoS) attacks that try to overwhelm Web sites with useless requests and make them unavailable for legitimate users, security experts say. Most of the targeted sites in the U.S. appeared to be working normally on Tuesday.