BugTraq members used to launch attack against Network Associates

A denial-of-service attack that hindered access to Network Associates Inc.'s Web sites last week was launched against the security software vendor through a Trojan horse program that was sent to members of the popular BugTraq security mailing list by the list's administrators, who didn't realize until it was too late that the code had a malicious intent.

The Trojan program masqueraded as an attachment detailing exploits of several security vulnerabilities in a key piece of Internet server software that were publicized earlier last week. Network Associates' PGP Security business unit played a prominent role in warning companies about the vulnerabilities and urging them to upgrade their systems (see story).

Just how many of BugTraq's 37,000 subscribers were used to mount the attack against Network Associates last Wednesday night is hard to estimate, said Elias Levy, BugTraq moderator and chief technology officer at SecurityFocus.com, a San Mateo, Calif.-based Web site that tracks security issues. Despite BugTraq's inadvertent involvement in launching the attack, Levy defended the mailing list's operating methods.

"We wish that something like that wouldn't have happened, but BugTraq moderation is not in place to validate information or source code sent out to the list," Levy said in an interview. In an e-mail message sent to BugTraq members last Thursday, meanwhile, Levy noted that the mailing list takes a "caveat emptor" approach to sending out files.

BugTraq doesn't plan to change any of its policies in the wake of the attack, because trying to validate every incoming message or program would "simply be impossible," Levy said. That responsibility, he added, lies with the long list of security analysts, network administrators, academic members and white-hat hackers who subscribe to the list.

Access to Network Associates' home page and other Web sites was hampered for about 90 minutes after last week's denial-of-service attack was launched, said Jim Magdych, security research manager at PGP Security's Computer Vulnerability Emergency Response Team.

The Santa Clara, Calif.-based company's sites never went completely off-line, according to Magdych. But some users were unable to connect to them during the attack, he said, while others managed to get through and then experienced slow responses to their queries (see story).

Last Monday, PGP Security joined with the CERT Coordination Center at Carnegie Mellon University to advise corporate users about newly discovered flaws in multiple versions of the Internet Software Consortium's Berkeley Internet Name Domain (BIND) server software, which allows companies to connect their Web servers to the Internet. Magdych said PGP's role in that announcement "certainly could be a motivating factor" in the denial-of-service attack against Network Associates.

This story, "BugTraq members used to launch attack against Network Associates" was originally published by Computerworld.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon