February 2, 2004

The “MyDoom” denial of service on SCO yesterday apparently surprised officials by its speed and severity.  F-Secure estimated the total number of infected computers “to be over one million.”

It appears that the attack started 16 hours or so earlier than expected, probably due to mis-set clocks.  Want to bet the next big one carries an NTP client?

Granted, maybe this couldn’t have happened to a nicer bunch of guys, and granted also that the whole DDoS thing is probably a smokescreen to take people’s attention away from a million new machines zombied as spam relays, but just what is going to happen when one of these aims at a target of actual significance?

“Dedicated lines” are largely a thing of the past—even secure services share bandwidth with the mainline net at any number of chokepoints.  How long will it be before we see stuff like this aimed at saturating bandwidth at a series of such chokepoints and taking significant infrastructure down?


