Print
Send to friend
RSS feedsThe FBI is consulting security industry experts to develop ways of detecting and preventing the type of attacks suffered by major websites this week.
Network Associates and Internet Security Systems (ISS) have been approached by the FBI to help develop methods of preventing these attacks and to help devise ways of detecting who is carrying them out.
Yahoo and Amazon, along with many others, were the victims of what was described as distributed denial-of-service attacks. These bring websites to a standstill by bombarding them with fraudulent queries.
Similar attacks hit online brokerage, eTrade, which suffered 20 minutes of disruptions following an attack. ZDnet was also brought to a standstill for two hours.
Network Associates said the FBI asked for its help because it manufactures a product that can detect the so-called Zombie code which is responsible for launching these attacks.
The code has been widely available on hacker bulletin boards since as early as July last year.
Douglas Hurd, head of sales development at Network Associates, said companies should use scanners to check for the code. "There are many different legal implications of this. Even if the code is put on your servers by a hacker and used in this type of attack, there is a risk that you could be held responsible for the damage," he said.
"There are a number of companies that provide this type of technology. Rather than preventing an attack, it will tell you if you're vulnerable," said Paul Cronin, security consultant at Centurycom.
"With enough computers bombarding you over the Internet, any company is vulnerable to these types of attack."
Separately, in a survey released today, the National Computing Centre (NCC) said that only 53 per cent of UK companies have an IT security policy.
The report showed that only 16 per cent viewed security as a business enabler and just over 24 per cent believed it to be nothing more than a "necessary evil".
