CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 20th, 2008

Website For The President Of Georgia Under Distributed Denial Of Service Attack

Steven Adair from Shadowserver reports a multi-pronged distributed denial of service (DDoS) attack against the website of the President of Georgia, Mikhail Saakashvili (www.president.gov.ge). The website has been unavailable for over 24 hours. The attack began very early Saturday morning (Georgian time). Shadowserver has observed at least one web-based command and control (C&C) server taking aim at the website, hitting it with a variety of simultaneous attacks. The C&C server has instructed its bots to attack the website with TCP, ICMP, and HTTP floods.

The server [62.168.168.9] that houses the website has been largely offline since the attack started. Passive DNS records show the system houses several other websites, which are mostly unrelated to the Georgian government. However, the server also hosts the Social Assistance and Employment State Agency website (www.saesa.gov.ge). This website, along with the others on the host, has been rendered inaccessible.

The C&C server involved in these attacks is on the IP address 207.10.234.244, which is located in the United States. Shadowserver recommends blocking and/or monitoring for traffic to this address. Currently it appears that the hosting provider for 207.10.234.244 has taken action against this system and is now blocking access to it. However, the server being targeted by the C&C is still unreachable.

DDoS attacks against various other neighbors of Russia, including Estonia, have been quite popular in the last few years. We do not have any solid proof that the people behind this C&C server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, a tool that is frequently used by Russian bot herders. On top of that, the domain involved with this C&C server has seemingly bogus registration information but does tie back to Russia.

Update (July 22): Georgian authorities denied this attack. According to Interfax, the Georgian press center claimed that the website worked without difficulties and that the reports about a DDoS attack are false.
