ISP Netdirekt - a Germany-based company - is blamed for causing the Distributed Denial of Service (DDOS) attack aimed at popular newswire VietnamNet, according to the country’s CMC Internet Security Friday.
 |
| VietnamNet newswire |
For now, the Distributed Denial of Service (DDOS) attacks have dropped by 50 percent in intensity Friday after nearly 100,000 computers joined to carry out a concerted hacking in early January against the newswire.
This is considered the largest DDOS ever aimed at the site. Hackers used DDOS by bombarding it several times per second from IP addresses both inside and outside Vietnam.
According to Lao Dong newspaper, CMC Internet Security has detected and killed malware Trojan.Oxdex.vnn, an agent joined to carry out the hacking.
According to CMC’s analysis, the Trojan.Oxdex.vnn was put into GoogleCrashHandler.exe file.
After installment, the trojan sent the demand to domain oxdex.com to take file logo.jpg to receive and decode the control information.
When the user’s computers are infected, they will receive the attacking commands from the host computer having the domain oxdex.com.
This Trojan is meant to serve a non-existent computer network at domain oxdex.com.
The Trojan has a function of receiving Denial of Service through HTTP (The Hypertext Transfer Protocol - a networking protocol for distributed, collaborative, hypermedia information systems, according to the analysis.
Oxdex is the domain name of the host computer controlling the non-existent computer network, whose address has not been analyzed yet.
However, based on DNS history, Oxdex.com has IP network No. 178.162.225.254 belonging to AS28753 managed by ISP Netdirekt – a Germany-based company.
AS28753 and Netdirekt have been known for containing lots of malwares, trick websites, and spam.
According to Google’s analytics, there are up to 23,519 websites having harmful contents at Netdirekt.
At present, the host computer with the domain Oxdex.com have stopped working, so the CMC Infosec could not take the content of logo.jpg file for further investigation.
To avoid becoming a non-existent computer aimed at attacking Vietnamnet, Internet users can update some antivirus software to kill the Trojan.Oxdex.vnn malware from CMC Infosec’s website.
This is the third time in two months that Vietnamnet was hacked.
On November 22, hackers took over the website and deleted some data.
On December 6, they successfully posted several articles to leak purportedly sensitive info about the most popular online newspaper.
