CIA, PayPal and others under bizarre SSL attack
Author: IP // Wednesday, 03 February 2010 11:17

The CIA, PayPal and hundreds of other organizations are under a bizarre attack that sends millions of SSL requests to their web servers. SSL requests force web servers to use more resources than normal requests. The attack began about a week ago and appears to be the result of changes to the botnet known as Pushdo. Could this be just a test for what is to come?

More details (in English):

"What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses," Shadowserver's Steven Adair wrote. "This might be a big deal if you're used to only getting a few hundred or thousands of hits a day or you don't have unlimited bandwidth."

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.

It's not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don't request any resources from the website or do anything else.

"We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn't quite look like a DDoS either," Adair wrote.

Security mavens aren't sure what targeted sites can do to thwart the attacks. Changing IP addresses may provide a temporary reprieve. Adair asks those with better mitigation techniques to contact him.
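For site operators trying to recognise this pattern in their own traffic, the following is an added example, not part of the quoted report or of Shadowserver's tooling. It measures how many connections end without a single HTTP request, per time window and per client; the log format, field names and sample records are assumptions constructed for illustration. Because the traffic is spread across many addresses, the site-wide ratio is usually the more telling signal than any single IP's count.

```python
from collections import Counter, defaultdict

# Constructed sample in a hypothetical per-connection log format (an assumption,
# not a real server's format): "<epoch> <client_ip> <handshake ok|fail> <http_requests>"
SAMPLE_LOG = """\
1265192220 192.0.2.10 ok 4
1265192221 198.51.100.7 fail 0
1265192222 198.51.100.7 ok 0
1265192223 203.0.113.5 fail 0
1265192224 198.51.100.7 fail 0
1265192230 192.0.2.11 ok 2
1265192241 203.0.113.9 ok 0
1265192250 not a valid record
1265192290 192.0.2.10 ok 1
1265192295 203.0.113.5 fail 0
"""


def parse(line):
    """Return (epoch, ip, http_requests), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[2] not in ("ok", "fail"):
        return None
    try:
        return int(parts[0]), parts[1], int(parts[3])
    except ValueError:
        return None


def analyse(log_text, window=60, min_empty_per_ip=3):
    """Summarise connections that never carried an HTTP request."""
    totals = defaultdict(lambda: [0, 0])  # window start -> [all, empty]
    empty_by_ip = Counter()
    for epoch, ip, requests in filter(None, map(parse, log_text.splitlines())):
        bucket = totals[epoch - epoch % window]
        bucket[0] += 1
        if requests == 0:  # connect, junk, disconnect: nothing was requested
            bucket[1] += 1
            empty_by_ip[ip] += 1
    # Share of request-less connections in each window (site-wide signal).
    ratios = {start: empty / total for start, (total, empty) in sorted(totals.items())}
    # Clients that repeat the empty cycle at least min_empty_per_ip times.
    repeaters = sorted(ip for ip, n in empty_by_ip.items() if n >= min_empty_per_ip)
    return ratios, repeaters, len(empty_by_ip)
```
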


Last modified: 17-05-2012 16:42.