Security & Privacy

In the past week, a number of cyber-attacks have targeted computers in the US and Korea. The targets have been government networks, such as the White House and the State Department in the US, and a number of government web sites in Korea, but also financial sites, such as Yahoo! Finance and the New York Stock Exchange. CNN reported that the attacks involved tens of thousands of computers from around the world.

These attacks are called distributed denial of service attacks, or DDoS for short. They occur when zombie computers – ones taken over by code installed when users get infected with Trojan horses – are all instructed to try and access the same web sites or networks at the same time. If the networks don’t have the resources to handle huge numbers of connections – in some cases, generating as much as 25 mbps in data – they simply collapse. The actual sites or networks are not damaged; they simply cannot accept any connections because there are so many demands. This prevents people from accessing the sites, or conducting business with them.

The Washington Post reports that from 60,000 to 100,000 infected computers are involved in these attacks. They say that these computers are most likely infected with the Mydoom virus, which downloads payload from remote servers telling infected computers what to attack and when. While most of these computers are Windows PCs, it is entirely possible that some Macs are involved in this botnet, if they were infected by the RSPlug Trojan horse. As we have seen recently, hackers have been trying hard to get Mac users infected by this malware. However, as yet, we have no evidence that the RSPlug Trojan horse is involved in this botnet.

DDoS attacks can be very dangerous if they target sensitive sites or networks. They can bring down servers, or even, potentially, important infrastructure such as power grids, air traffic control systems, etc. Your Mac could be targeted by a DDoS attack as well, if hackers choose addresses at random, or focus on your Mac for some specific reason. The best way to protect Macs from such attacks is to use Intego NetBarrier X5, using its Antivandal features to block ping floods and SYN floods.

NetBarrier X5 ensures that, when attacks begin, they get blocked, preventing your Mac from attempting to respond to them. Attackers’ IP addresses are blocked and incoming connection attempts are simply ignored.