According to multiple reports by online researchers, including Internet watchdog group Shadow Server (www.shadowserver.org) and SecureWorks (www.secureworks.com), hundreds of organizations, including the US Central Intelligence Agency (www.cia.gov) and PayPal (www.paypal.com), were the targets of an unexplained assault that has overwhelmed the sites with SSL connections.
Joe Stewart, Research Director of SecureWorks, explained that these sites experienced an unexpected rise in traffic of several million hits spread out across several hundred thousand IP addresses.
“This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth,” Shadow Server notes in a blog post. Shadow Server went on to suggest that the Pushdo botnet, which recently underwent changes to its core code, was likely the perpetrator, causing infected nodes to create junk SSL connections to approximately 315 different websites.
This attack, Shadow Server notes, is not the typical distributed denial of service operation, and it seems that knocking sites offline wasn’t the end goal. “The bots seem to start to initiate an SSL connection and a bit of junk to the websites and then disconnect,” they stated. “They do not actually request any resources from the website or do anything else other than repeat the cycle periodically. They are doing this to hundreds of sites all day long. We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either.”
Given the nature of the attack, it remains unclear why Pushdo unleashed the torrent.
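For site operators who want to check their own logs for the pattern described above (an SSL connection that never completes, no resource requested, repeated periodically), here is an added example that is not from Shadow Server, SecureWorks or the original article. The record format, sample data and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records (not real traffic):
# (epoch_seconds, source_ip, handshake_completed, http_requests_seen)
SAMPLE = [
    (1000, "198.51.100.7", False, 0),
    (1300, "198.51.100.7", False, 0),
    (1600, "198.51.100.7", False, 0),
    (1900, "198.51.100.7", False, 0),
    (1010, "203.0.113.20", True, 4),
    (1015, "203.0.113.20", True, 2),
    (1700, "203.0.113.20", False, 0),   # one aborted handshake from a real client
    (1200, "192.0.2.55", False, 0),     # single stray connection, below threshold
]

def summarize(records):
    """Group connections by source IP and compute per-source statistics."""
    by_src = defaultdict(list)
    for ts, src, completed, requests in records:
        by_src[src].append((ts, completed, requests))
    out = {}
    for src, conns in by_src.items():
        conns.sort()
        gaps = [b[0] - a[0] for a, b in zip(conns, conns[1:])]
        out[src] = {
            "connections": len(conns),
            "requests": sum(c[2] for c in conns),
            "failed_handshakes": sum(1 for c in conns if not c[1]),
            "mean_gap": mean(gaps) if gaps else None,
            "gap_jitter": pstdev(gaps) if gaps else None,
        }
    return out

def junk_ssl_sources(records, min_connections=3, max_jitter=30.0):
    """Return sources that repeatedly connect, never request anything,
    and do so at a near-constant interval (thresholds are assumptions)."""
    flagged = []
    for src, s in summarize(records).items():
        if (s["connections"] >= min_connections
                and s["requests"] == 0
                and s["failed_handshakes"] == s["connections"]
                and s["gap_jitter"] is not None
                and s["gap_jitter"] <= max_jitter):
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    print(junk_ssl_sources(SAMPLE))
```

Because the reported traffic was spread across several hundred thousand IP addresses, per-source volume is low; the zero-request and steady-interval conditions matter more here than a raw connection count.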
Info Credits : thewhir
Image Credits: halganka











