Info on DDoS attacks

The FBI released a FBI Liaison Alert System (FLASH) Message today, containing information on recent DDoS attacks. The contents of the FLASH Message is listed below:

SUMMARY
(U) Since September 2012, US financial institutions have been under coordinated and timed DDoS attacks. In total, 50 U.S. financial institutions have been targeted in over 200 separate DDoS attacks with varying effects. The botnets used in the attacks, identified as “Brobot” and “Kamikaze/Toxin” consist of compromised high bandwidth webservers with vulnerable content management systems. The compromised bots are infected through a vulnerable customer account. Once the customer account is accessed, attack scripts are uploaded to a hidden directory on the customer web site.

TECHNICAL DETAILS
(U) The aforementioned attacks have originated from 7,761 identified IP addresses which resolve to hosts in 111 countries. The FBI is distributing the indicators associated with this attack to enable network defense activities and reduce the risk of similar attacks in the future. The FBI has high confidence that these indicators were involved in the recent DDoS attacks. The FBI recommends that your organization help victims identify and remove the malicious code.
(U) Attached to this document is an Excel spreadsheet (Click here) that contains indicators including the full paths of the attacking scripts, IP addresses, date and time stamps of the attack and ISP information.

POINT OF CONTACT
Please contact the FBI with any questions related to this FLASH report at:
Email: cywatch@ic.fbi.gov or Voice: +1-855-292-3937