February 26, 2001, 10:53 AM — LIKE MANY OF YOU, I have to juggle a lot of balls, and I don't have time to do all the reading necessary to stay current with industry trends. I do try to regularly browse various news sites to find out what's happening in the "real world," but I have to confess that I don't subscribe to many security newsletters because I don't have time to read them even when they're delivered by e-mail. In fact, I've been battling inbox overflow for several months and finally started to set aside a few hours each week just to figure out which messages need follow-up. At the rate I'm going, I should be caught up sometime in the year 2037, but only because, if I'm still alive, I'll be so old that I'll need less sleep.
For the last few weeks, I've been doing the trade show circuit, fighting deadline monsters, and nursing a broken toe, so my daily reading has slipped even more than usual. It wasn't until the days that some folks refer to as "the weekend" rolled around that I had the time to read about my current favorite for Nervy Hack of the Year. I'm referring to the recent DDoS (distributed denial of service) attack on Network Associates, when the hostile code piggybacked on a BugTraq mailing list.
I can't tell you how good it felt to be a slacker when I heard about this. Ordinarily, a sick combination of Catholic guilt and Puritan work ethic makes me feel as if I should be checking out exotic and varied information sources during every available waking moment. Then something like this comes along and makes me want to go back to the good old days of receiving information solely by the printed page. After all, the only chance I'll have of catching a virus that way is if the mail carrier sneezes on me.
For those of you who, like me, missed the initial reports of the "BugHaq," I'll tell you how it unfolded.
On January 31, a DDoS assault was launched against Network Associates' DNS server. The attack lasted for nearly 90 minutes, and, although users had difficulty connecting to Network Associates' Web servers, the site never went completely offline. This attack followed two related incidents involving Microsoft's DNS records the week before and revelations of holes in Berkeley Internet Name Domain (BIND), the most widely used implementation of DNS.
But what makes the latest assault so chilling is that the "zombies" -- most DDoS assaults rely upon co-opting the systems of innocent third parties as a way to foil any tracing of the attack -- were subscribers to BugTraq's security mailing list.
Although it's still not known how many of BugTraq's 37,000 subscribers were used as "human shields," it is certain that the attackers planted a Trojan horse in an attachment that described a DNS security hole which attackers might exploit.