Historical OSINT – An Analysis of the South Korean/U.S DDoS Attacks Circa 2009

During the last couple of days, it was getting harder to resist not publishing some of the literally moronic commentary on the DDoS attacks, thankfully not made by people I know in person or virtually. From the “we know they did it but we don’t have data to prove it”, to the very latest and most disturbing comment by a U.S intelligence

Why disturbing? Because that’s exactly what the person — controversial to the common wisdom you don’t need a team to launch this old school amateur-ish HTTP request flooder —

Key summary points:

– if such a small botnet with such a noisy and amateur-ish request flooder can shut down the U.S FCC for days, I wonder what would have happened to the rest of the sites in the target list if the size of the botnet and sophistication of DDoS techniques improved

Let me continue in this line of thought – or they secretly brainwash the Teletubbies and infiltrate the hearts and minds of children across the globe, a future generation of pro-North Korean youngsters. Or they could secretly become a Russian Business Network franchise, now try sending an abuse notice to the non-existent North Korean ISPs. They could,

The Web is abuzz with news reports regarding the ongoing DDoS (distributed denial of service attack)

The attacks, which originally took off on the 4th of July weekend, target 26 South Korean and American government sites and financial institutions.

The W32.Dozer comes in the form of an email attachment

Upon execution the trojan attempts to download the list of targets from three apparently compromised servers based in Germany, the U.S and Austria.

213.23.243.210 – Mannesmann Arcor Telecommunications AG & Co

216.199.83.203 – FDN.com 

213.33.116.41 – Telekom Austria Aktiengesellschaft

text string “get/China/DNS

The word china within the malware code, the

http://www.virustotal.com/analisis/7dee2bd4e317d12c9a2923d0531526822cfd37eabfd7aecc74258bb4f2d3a643-1247001891

http://www.virustotal.com/analisis/1d1814e2096d0ec88bde0c0c5122f1d07d10ca743ec5d1a3c94a227d288f05a7-1246990042

http://www.virustotal.com/analisis/7c6c89b7a7c31bcb492a581dfb6c52d09dffca9107b8fd25991c708a0069625f-1246990249

http://www.virustotal.com/analisis/f9feee6ebbc3dc0d35eea8bf00fc96cf075d59588621b0132b423a4bbf4427d4-1247006555
