Are you part of the USA/South Korean DDoS attack?

Filed Under: Denial of Service, Malware, SophosLabs

This question came up in a discussion of the recent DDoS attack on various US and South Korean sites. The main concern was whether there is a way for someone to tell if their computer has been compromised and made part of the botnet, and if so, how.

Good questions.

In response to the first question, one way to know if your computer is involved in a DDoS attack is to observe the traffic it sends from a second computer on your network (for example, one attached to a hub, mirror port or span port that sees the suspect machine's traffic). An infected host will typically show a sustained, high rate of outbound connection attempts to a small number of targets.

Tools such as Wireshark can capture and analyze that traffic and will show you which hosts it is going to and how often.
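The kind of check described above, as an added example that is not code from the original post: once a capture taken from a second machine has been reduced to one record per outbound TCP SYN (timestamp, source IP, destination IP, destination port), a short script can flag any LAN host that, within a ten-second window, fires a flood of SYNs at only a handful of targets. The LAN prefix, the window size and the thresholds are assumptions to tune for your own network, and the capture below is constructed for illustration.

```python
"""Flag a LAN host whose outbound TCP SYN pattern looks like flood participation.

Added example, not code from the original post. It assumes the defender has
captured traffic from a second machine on the same network (a Wireshark or
tshark export, a span port, etc.) and reduced it to one record per outbound
TCP SYN: (timestamp_seconds, src_ip, dst_ip, dst_port). The sample capture
is constructed; the thresholds are illustrative assumptions.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

SynRecord = Tuple[float, str, str, int]


def count_syns_per_window(records: Iterable[SynRecord], window: float
                          ) -> Dict[str, Dict[int, Dict[Tuple[str, int], int]]]:
    """Bucket SYNs as counts[src][window_index][(dst, dport)]."""
    counts: Dict[str, Dict[int, Dict[Tuple[str, int], int]]] = defaultdict(
        lambda: defaultdict(lambda: defaultdict(int)))
    for ts, src, dst, dport in records:
        counts[src][int(ts // window)][(dst, dport)] += 1
    return counts


def flag_flood_sources(records: Iterable[SynRecord], window: float = 10.0,
                       syn_threshold: int = 100, max_targets: int = 3,
                       lan_prefix: str = "192.168.1.") -> Dict[str, dict]:
    """Return {src: {"peak_syns": n, "targets": [(dst, dport), ...]}} for every
    LAN host that, in some window, sent at least syn_threshold SYNs to at most
    max_targets distinct (dst, port) pairs.

    Many SYNs spread over many targets (a port scan, a crawler, a busy
    browser) are deliberately not flagged: a DDoS participant hammers a
    small, fixed set of victims.
    """
    counts = count_syns_per_window(records, window)
    flagged: Dict[str, dict] = {}
    for src, windows in counts.items():
        if not src.startswith(lan_prefix):      # only judge our own hosts
            continue
        for per_target in windows.values():
            total = sum(per_target.values())
            if total >= syn_threshold and len(per_target) <= max_targets:
                prev = flagged.get(src)
                if prev is None or total > prev["peak_syns"]:
                    flagged[src] = {"peak_syns": total,
                                    "targets": sorted(per_target)}
    return flagged


def make_sample_capture() -> List[SynRecord]:
    """Constructed capture: one ordinary host and one flooding host."""
    recs: List[SynRecord] = []
    # 192.168.1.10 browses normally: 40 SYNs over 60 s to 20 different sites.
    for i in range(40):
        recs.append((i * 1.5, "192.168.1.10", f"203.0.113.{i % 20 + 1}", 443))
    # 192.168.1.20 sends 600 SYNs in 10 s, alternating between two web servers.
    targets = ["198.51.100.7", "198.51.100.8"]
    for i in range(600):
        recs.append((5.0 + i / 60.0, "192.168.1.20", targets[i % 2], 80))
    return recs


if __name__ == "__main__":
    for src, info in flag_flood_sources(make_sample_capture()).items():
        print(f"{src}: {info['peak_syns']} SYNs in one window to {info['targets']}")
```

In practice the records would come from a capture filter such as Wireshark's `tcp.flags.syn == 1 && tcp.flags.ack == 0` exported to CSV; the point of the script is the shape of the traffic (a high, steady SYN rate to very few destinations from one machine), which is visible in any packet capture regardless of the tool used to take it.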

But what if you aren't that technical or only have one computer at home? Then the answer may well be "Hard to say".

However, if all of the software on the machine is up-to-date with patches, the OS is up-to-date with patches, and the user has a firewall they can configure to watch both inbound and outbound traffic (so that an unexpected burst of outbound connections is noticed rather than silently allowed), then the risk is greatly reduced.

For this particular DDoS attack, we detected all of the components as:

Mal/Behav-104
Mal/Generic-A
Mal/Mdrop-Fam
Troj/Agent-KLG
Troj/Dropr-BH


About the author

Beth Jones Senior Threat Researcher, SophosLabs US Beth manages the day-to-day research and analysis activities of incoming suspicious malware threats that arrive in SophosLabs via customers, partners and prospects. Beth has worked in Sophos's Boston lab for more than five years and brings nearly a decade of network security experience to Sophos.