Further claims have been made about distributed denial of service (DDoS) attacks becoming more prevalent.

 

Jose Nazario, manager of security research at Arbor Networks, claimed that he had ‘been busy in the community watching some DDoS events unfold'. Pointing to a large amount of discussion on DDoS on micro-blogging site Twitter, Nazario pointed to four attacks in just over a week from 30th March to 7th April.

 

Nazario said: “We have data on some of these attacks but not all, and we're actively looking for commands and controls in all cases. What's interesting is the major services they're hitting. There's no apparent gain here, but definitely some widespread impact.

 

“It amazes me that I'm still talking about this problem over ten years after I first started looking at it, prior to me coming to Arbor.”

 

He also referred to the recent story where a Russian newspaper claimed that attacks on tonks.ru, roem.ru and others are evidence of Conficker stepping it up its activities.

 

Nazario claimed that there was ‘no obvious reason' for Conficker to be blamed for the attacks, and said: “It turns out that I was characterising a new (to me) DDoS bot codebase we have dubbed ‘Votwup' and it's responsible for at least some of the attacks.

 

“It would be difficult to confuse this malware with Conficker, and it has its own little dropper. In this case once the bot is dropped it checks into a website with its UID and version and gets back a Base64 encoded command. When this is decoded using Base64, the address is ddl=http://tonks.ru/index.php?name=forums."

Nazario concluded that most of the Votwup commands and controls Arbor has classified so far are dead.