December 2012

Throughout December 2012 customers of large banks have had problems accessing their bank account websites due to DDoS attacks on major banks. According to an eWeek article banks including Bank of America, Citibank, Wells Fargo, PNC Bank and SunTrust have customers reporting problems.

April 2012

The hackers "Anonymous" have been at it again this month as reported in this article at According to the article, "The group in recent days has launched denial-of-service (DoS) attacks on the Websites of TechAmerica and USTelecom, two trade groups that represent such tech heavyweights as IBM, Apple, AT&T and Verizon Communications, and have spoken out in support of the proposed Cyber Intelligence Sharing and Protection Act (CISPA), a bipartisan bill designed to better enable U.S. government agencies and businesses to voluntarily share information about cyber-attacks." According to a similar article at, the hackers seemed to be taking aim at China and the UK. The article reported that a hacker contacted through the Anonymous China Twitter account, and said that "the group was planning more attacks, a few at a time, with the hope of taking down the Great Firewall of China." Derek Carr, President of stated, "It's clear to everyone involved that as more attempts are made by governments to control the use of the internet, the ire of hackers will continue on the increase." He further noted that DDoS protection is going to "be needed by more and more organizations."

January 2012

The hacker group "Anonymous has made DDoS attacks as easy as clicking on a social media post and thus gathering more "attackers" in the process. Such an attack was used against the U.S. Justice Department this month. It was brought on after law enforcement brought down As reported in this CRN News article: "Links posted on Twitter and elsewhere on the web pointed to a page on the web site. Visiting the page would execute JavaScript that would use the visitor's computer to flood a web site of Anonymous' choosing with traffic. To avoid becoming a victim, people would have to disable JavaScript on their computers." This is simply another indicator of the escalation of the war by hackers and the need for good DDoS protection.

August 2011

Researchers at Arbor Networks reported this month that a "new tool" called Dirt Jumper is circulating among underground hackers. This is just one more reason to consider protecting your website from distributed denial of service (DDoS) attacks. According to a spokesman at Arbor, they believe that the Dirt Jumper tool is being "actively sold in the criminal underground economy." Cyber criminals are not slowing in their attacks on corporate and individual websites. In fact DDoS attacks on websites seem to not only be increasing in number but also in size and are occurring around the world on a regular basis. Businesses that come under DDoS website attack are reluctant to report the attacks due to the negative publicity. You can read more on Dirt Jumper in this article in CRN News.

August 2011

Here's just another example of the fact that hackers never sleep and always seem to be knocking at the door of your website. The Apache Software Foundation last week, issued an advisory that it was scrambling to fix a flaw discovered in its software. Apparently the flaw exploits a serious HTTPD Web Server vulnerability that enables attackers to launch denial of service (DoS) attacks remotely. According to this article in CRN news, an exploit can occur "when attackers send specially crafted HTTP requests that incorporate malformed range HTTP headers. The flaw would cause each of the bytes requested in the range header to be compressed separately, subsequently consuming vast quantities memory that would effectively cause the system to shut down." can protect your website against such malicious attacks. Just call 855-336-7435.

May 2011

Microsoft recently released Security Intelligence Report Volume 10. In it they point out vulnerabilities in applications, as opposed to operating systems and web browsers, continues to account for the majority of attacks. At the same time the trend seems to be one of moderation since 2006. Exploits using Java are on the increase, as is the use of phishing tactics on social networking sites. The nearly 500 page report can be downloaded from Microsoft or there is also a 9 page summary of the Key Findings available.

December 2010

In 2007, the Messaging Anti-Abuse Working Group (MAAWG) issued a set of "Best Practices for the Use of a Walled Garden" to its members. Since that time the group has continued to bring the messaging industry together to work collaboratively and successfully address the various forms of messaging abuse, such as spam, viruses, denial-of-service attacks and other messaging exploitations. MAAWG has developed initiatives in three areas to resolve the messaging abuse problem: industry collaboration, technology, and public policy. Many of their white papers and documents can be downloaded at

December 2010

This month, the Internet Engineering Task Force (IETF) released a report advising ISP's on how to better manage the effects of computers used by their subscribers. When Internet users with infected computers are exposed to risks such as loss of personal data, as well as increased susceptibility to online fraud and/or phishing, they can become inadvertent participants in or a component of an online crime network, spam network, and/or phishing network.

October 2010

Internet Service Providers (ISP's) have been reluctant to do anything about protecting the web sites that they host from DDoS attacks. The reasons are several. They usually operate on thin margins and do not have the resources to install and manage appropriate technologies. Without these technologies or expertise they have little or no means to detect attacks. Another question is whether they have the responsibility to protect the sites that they host. The arguments have just begun to come to the forefront as attacks have been on the increase. This article in Computerworld is an example of the discussion becoming more commonplace.

October 2010

ZDNet in this short article lists growth of botnets in their top "scary trends" for 2010. Where botnets used to be the tool of script kiddies, they have now gone mainstream. They are now the preferred tool of hostile governments, cyber crime mafias and others intent on toppling important companies, leaders and governments from their posts. Botnets are here to stay.

October 2010

Law enforcement officials in the Netherlands have seized and disconnected 143 servers linked to the dangerous Bredolab botnet. This article summarizes another typical example of a broad and widespread botnet attack. These attacks will continue to become commonplace as web hosting providers continue searching for ways to protect themselves.

June 2010

Microsoft has been studying the proliferation and threat of botnets for some time. In their effort to help their customers and users stay abreast of security issues, Microsoft released this report: Volume 9 of its Security Intelligence Report. The entire report is dedicated to a discussion of botnets and what to do about them. The full PDF version of the report can also be donwloaded from this site.

March 2010

Spam has continued to increase in the last few years. It now accounts for close to 90 percent of all e-mail worldwide according to Symantec in this article. The February surge in Botnets are contributing in large part to this increase, according to Symantec. For now there is no end in sight. Web hosting providers will continue to be forced to deal with large amounts of spam created by botnets.