Washingtonpost.com and Security Fix readers may have noticed that our site was a bit slow and occasionally unreachable today. Turns out, the site has been under attack by about 60,000 compromised PCs around the globe for several hours now.
We weren't the only site reportedly picked on, though. According to several security researchers who asked to remain anonymous because they are still helping to investigate the assault, the same attackers targeted Web sites for the White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration, with varying success.
The hit list is hard-coded into the malicious software, but it appears the list can be updated. The Federal Trade Commission, which was targeted by this malware yesterday and was offline for at least part of the day, is not on the current list of targets.
Other targets on the current list include the Web sites for the New York Stock Exchange, NASDAQ, the U.S. Treasury and State Department.
This caused me headaches over the weekend. Layer3 had some pretty significant packet loss through all its DC and Atlanta POPs, causing indirect problems for every transit provider I deal with.
The word is that this was either done by or on behalf of North Korea, because only US and South Korean sites were targeted. Not sure what I make of it. I'd be interested in knowing what the malware pedigree is.