Someone in China hates someone in Seattle. A. Lot.
Over the past few hours, botnet attack tracker Norse: IPViking Live has been displaying, in real time, an enormous series of attacks around the world. First most active in Asia and the USA, the attacks now span the globe, with dense concentrations of action in Northern Europe, Asia particularly China, and the Southern and coastal United States.
Someone also has it in for Mali and Perth, Australia.
A botnet is an army of enslaved computers, infected by a Trojan or virus. The owner is unaware that his computer is being used by some distant slavemaster for nefarious purposes. At a signal from the botnet master, the computer attacks a target in one of a number of ways.
In these particular attacks overnight, it looks like a protocol used by cloud storage company Dropbox is a significant vector of attack. So, time to take your mp3s and put them on a CD for the next little while. This comes one day after Edward Snowden, in an interview with the Guardian, suggested Dropbox was dangerously insecure, “hostile to privacy,” and advised users to abandon it.
At this point it’s too early to tell, but from the patterns it appears that multiple botnets are being used to attack, and that some of the smaller attacks may be taking advantage of the cover the larger US/China conflict provides, as global attentions are diverted to the largest and most dangerous two players on the board.
Scottsdale, Miami, Seattle, San Diego, Standford, San Rafael, Kirksville…what do they have in common?
The attacks may also be related to the fast-growing Pushdo trojan, which infected 11,000 new machines in the last 24 hours, primarily in Asia and the US.
h/t Cyber Crew
Featured image, screenshot from Norse – IPViking Live, 3:15am July 18