Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 29th, 2010

CIA, PayPal, Hundreds Of Other Websites Under Unexplained SSL Assault

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’s Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”

It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate SSL connections, send a bit of junk, disconnect, and then repeat the cycle. They don’t request any resources from the website or do anything else.

“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.

Security mavens aren’t sure what targeted sites can do to thwart the attacks. Changing IP addresses may provide a temporary reprieve.
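For site operators who want to check whether they are receiving this kind of traffic, here is an added example (not from Shadowserver or The Register) that summarizes connection records and flags the pattern described above: many sources hitting the SSL port without ever requesting a resource. The record format, the sample data and the thresholds are assumptions made for illustration, as is treating the "junk" as a failed handshake.

```python
from collections import defaultdict

# Constructed sample records (not real traffic). Hypothetical format:
# "<epoch> <src_ip> <dst_port> <handshake_ok> <http_requests>"
SAMPLE = """\
1264759200 198.51.100.10 443 1 3
1264759201 203.0.113.5 443 0 0
1264759201 203.0.113.6 443 0 0
1264759202 203.0.113.7 443 1 0
1264759203 203.0.113.5 443 0 0
1264759204 198.51.100.11 443 1 1
1264759205 203.0.113.8 443 0 0
1264759206 198.51.100.10 80 0 2
not a record
"""

def parse(lines):
    """Yield (src_ip, handshake_ok, http_requests) for port-443 records."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        try:
            port, ok, reqs = int(parts[2]), int(parts[3]), int(parts[4])
        except ValueError:
            continue
        if port == 443:
            yield parts[1], bool(ok), reqs

def summarize(lines, min_sources=3, min_empty_ratio=0.5):
    """Flag traffic where many sources connect over SSL but request nothing.
    The two thresholds are illustrative defaults, not tuned values."""
    total = empty = failed = 0
    per_ip = defaultdict(lambda: [0, 0])  # ip -> [connections, empty connections]
    for ip, ok, reqs in parse(lines):
        total += 1
        per_ip[ip][0] += 1
        if reqs == 0:  # reached the SSL port but never asked for a resource
            empty += 1
            per_ip[ip][1] += 1
            failed += 0 if ok else 1  # assumption: junk shows up as a failed handshake
    only_empty = sorted(ip for ip, (n, e) in per_ip.items() if n == e)
    ratio = empty / total if total else 0.0
    return {"connections": total, "empty": empty, "failed_handshakes": failed,
            "empty_ratio": ratio, "empty_only_sources": only_empty,
            "suspicious": len(only_empty) >= min_sources and ratio >= min_empty_ratio}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Counting distinct sources alongside the ratio matters here because the reported flood is spread thinly across a very large number of IP addresses, so per-IP rate limits alone would not surface it.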

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to and, other sites include,, and Here is the full list of attacked addresses:

Credit: The Register,


    2 Responses to “CIA, PayPal, Hundreds Of Other Websites Under Unexplained SSL Assault”

    1. Mike Cardwell Says:
      February 1st, 2010 at 8:24 am

      My server is on the above list “” … It suffered no such attack.

    2. Mike Cardwell Says:
      February 1st, 2010 at 8:28 am

      Actually… That would explain some stuff I’m seeing in my logs… I just didn’t notice because it hasn’t caused any availability problems.
