5. Analysis of a Babel attack: potential Internet collapse


Here is what a real-life Babel attack could look like: it would propagate using Outlook and Outlook Express vulnerabilities to send itself to the addresses contained in the address book, in a way similar to Melissa, ExploreZip and I Love You. I couldn't get numbers for the other two, but CERT (www.cert.org) estimates that 500 000 computers were infected with I Love You within the first four days of the virus's life. Quite impressive, but I'm sure that can be surpassed. I have been through several job interviews lately, and I know that several companies plan to keep using or to switch to Outlook. All that computer base is available for denial of service. Let the show begin!
-----
SeaNN.com News website
02/30/2001

A sad day for Internet users across America. Computer experts have reported a new virus outbreak dubbed "fuckyou.com" that spreads via Microsoft's e-mail clients Outlook and Outlook Express, officials said today. This virus performs denial-of-service attacks against a variety of major websites all over the Internet, among them yours truly, SeaNN.com, which means that nobody can actually read this article, but we keep publishing anyway, always in the desire to better serve our audience. Also caught in the drift are online banks and e-commerce websites. After the Barcklay scandal last year, and this attack, some major banks have decided to retire, at least for the moment, their online activities. As for e-commerce, lost revenue is estimated at over 50 billion $, according to a report from Toilette et Douche consulting. A cure is now available on major antivirus vendors' websites, but it seems they are having some difficulty distributing the patch effectively because of the high traffic caused by the DDoS attack.

To see this story in full streaming audio and video, click here.
-----

This would actually cause a denial of service of such proportions that it would be almost impossible to get rid of. There is strength in numbers. With such a computer base available for attack, I can hardly imagine any valid data making it to its destination for at least a couple of days. That also means that the Internet will be unusable (at least for quite a while) as a medium for distributing information about, and fixes for, this outbreak. People will have to rely on traditional media to do so, and these are not always accurate when it comes to dealing with technology. Second, even as the fix becomes more and more widely available and distributed, the attack will keep going until the last infected machine is cleaned or disconnected. Another aspect of the attack is that victims cannot block incoming DoS packets at the firewall based on the source address, because they would also block a lot of potentially valid traffic. They will have to rely on packet fingerprinting, unless the DoS tool uses randomness in its packet generation. Victims could also try to change the IP addresses of their machines, but this would fail if the packets are sent to www.companyname.com instead of 12x.x4x.55.xx. Besides, once the first attack is done, there will probably be variants that will take care of re-emerged victims. In short, it will be quite a mess.
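The filtering argument in the paragraph above can be checked from the victim's side. The sketch below is an added example, not part of the original essay; the packet fields, the sample traffic and the function names are constructed assumptions. It scores a source-address blocklist against a header fingerprint, and shows the fingerprint coming out empty once the tool randomizes its packets.

```python
from collections import namedtuple
# Constructed traffic (documentation-range addresses); "flood" is ground truth for scoring only.
Pkt = namedtuple("Pkt", "src ttl window length flood")
FIELDS = ("ttl", "window", "length")

TRAFFIC = [
    Pkt("192.0.2.10", 128, 8192, 1024, True),
    Pkt("192.0.2.10", 128, 16384, 310, False),    # infected PC, owner browsing
    Pkt("198.51.100.7", 128, 8192, 1024, True),
    Pkt("198.51.100.7", 128, 16384, 522, False),  # infected PC, owner shopping
    Pkt("203.0.113.5", 64, 5840, 410, False),     # clean host
    Pkt("203.0.113.9", 127, 8192, 1024, True),    # infected, one hop further away
]
# Same flood sources, but every header field the tool controls is randomized.
RANDOMIZED = [
    Pkt("192.0.2.10", 128, 4096, 77, True),
    Pkt("198.51.100.7", 93, 9000, 913, True),
    Pkt("203.0.113.9", 41, 512, 1400, True),
]

def derive_fingerprint(samples):
    """Keep the header fields whose value is identical in every flood sample."""
    fp = {}
    for field in FIELDS:
        values = {getattr(p, field) for p in samples}
        if len(values) == 1:
            fp[field] = values.pop()
    return fp

def matches(pkt, fp):
    """An empty fingerprint matches nothing, so it can never drop all traffic."""
    return bool(fp) and all(getattr(pkt, f) == v for f, v in fp.items())

def score(traffic, drop):
    """Return (flood packets dropped, legitimate packets dropped)."""
    dropped = [p for p in traffic if drop(p)]
    return (sum(p.flood for p in dropped), sum(not p.flood for p in dropped))

def compare(traffic):
    flood = [p for p in traffic if p.flood]
    sources = {p.src for p in flood}
    fp = derive_fingerprint(flood)
    return {
        "fingerprint": fp,
        "by_source": score(traffic, lambda p: p.src in sources),
        "by_fingerprint": score(traffic, lambda p: matches(p, fp)),
    }

print(compare(TRAFFIC))
```

In the constructed data the blocklist also drops the infected machines' ordinary traffic, while the fingerprint drops only the flood; with `RANDOMIZED` no shared field survives and the fingerprint filter drops nothing.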
