Ten Days of Rain
White Paper
Expert analysis of distributed denial-of-service attacks targeting
South Korea
Table of Contents
Executive Summary
High-Level Attack Overview
Detailed Attack Overview
Analysis
Payload binaries
Command and control client
Distributed denial-of-service component
Date monitor and self-destruct payload
Remediation
Perspectives
Comparison with July 4, 2009 DDoS attacks
Perspective summary
Conclusion
Credits and Acknowledgements
Appendix A: McAfee Solutions
Protection from malware
Protection from the DDoS attacks
Appendix B: Observed First-Tier C&C Servers
Appendix C: Alphabetical List of DDoS Targets
Appendix D: Alphabetical List of DDoS Targets in 2009 attacks
Executive Summary
On March 4, 2011, McAfee began detecting distributed denial-of-service (DDoS) activity against
targets in South Korea. The attacks originated from a botnet architecture that leveraged compromised
hosts in South Korea. The DDoS attacks targeted South Korean government websites as well
as the network of U.S. Forces Korea (USFK). In addition to the DDoS attacks, which succeeded
in degrading the availability of multiple Korean targets, McAfee also analyzed the malware
responsible for initially turning the attacking …