An attack two nights ago on the very heart of the Internet has once again raised the issue of zombie or bot networks and how ordinary people can unwittingly contribute to potentially catastrophic events.
On Tuesday night, an attack on the Internet's root servers saw three of the 13 servers compromised and considerably slowed – although they didn't go down, and the attack was contained within about five hours.
The remaining servers also experienced unusually heavy traffic, but weren't badly affected.
The 13 servers manage the Internet's Domain Name Service – the address book that translates domain names into the IP addresses of individual servers and makes it possible to find anything on the Internet.
Experts at SophosLabs have challenged internet users to consider whether they unwittingly played a part in the attack, since users' computers are likely to have been taken over by hackers to create zombie networks, or botnets, in order to bombard the servers with traffic.
They point out that, while the computer owners may have been unaware that their PCs were compromised, had the attack been successful then all website access and e-mail delivery would have been suspended globally.
"These zombie computers could have brought the web to its knees, and while the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem – the lax attitude of some users towards IT security," said Graham Cluley, senior technology consultant at Sophos.
"Society is almost totally reliant on the Internet for day-to-day communication – it's ironic that the people who depend on the web may have been the ones whose computers were secretly trying to bring it down."
Root servers, which manage the internet's Domain Name System, help to convert website names such as amazon.com to their numeric IP addresses – essentially acting as an address book for the internet. UltraDNS, which manages traffic for websites ending with the suffixes .org and .info, confirmed that it had witnessed an unusual increase in traffic. In all, three of the 13 servers at the top of the DNS hierarchy are said to have felt the impact of the attack, although none are thought to have stopped working entirely.
"If the DNS servers were to fall over then pandemonium would ensue, emphasising the importance of properly defending all PCs from being taken over by hackers," explains Cluley. "A denial-of-service attack like this swamps web-connected servers with traffic from many computers around the globe.
"It's a bit like twenty hippos trying to get through a revolving door at the same time – there's no route through and everything clogs up. Fortunately the system is designed to be extremely resilient to these kind of attacks, and the average man in the street won't have noticed any impact."
Some reports have suggested that much of the attack traffic may have come from computers based in South Korea. However, the motivation for the attack remains unclear.
"The hackers responsible for this attack may have been doing it through mindless malice rather than have had financial reward in mind," says Cluley. "Whatever the motives of the people responsible for this assault, everyone needs to properly defend their PC from being taken over by hackers and used for criminal purposes."
According to reports, the incident was the most significant attack against the DNS backbone since October 2002.