Cyberattacks’ Aftershocks Hit the Web

Twitter and Facebook have since bounced back from the the spam and the denial-of-service storm that hit them late last week, but the aftereffects continue to be felt across the Internet.

Malware purveyors began exploiting Friday’s attack the same day it began. Initially, the denial-of-service and spam assault targeted one person, Facebook said. The intended victim was a Georgian anti-Russian dissident who goes by the name of “Cyxymu”, and malware developers placed malicious links related to his name on search engines, using black hat SEO.

The bad links connected to sites that attempted to install malware on visitors’ computers, one security researcher said.

“We did not have to wait long before encountering such sites taking advantage of the news,” Francois Paget of McAfee Avert Labs wrote in his blog.

The threat of malware wasn’t the only result of Friday’s attacks. Some applications that use a Twitter API were experiencing difficulties as the API itself remained only partly working for much of the weekend.

“*Finally* have what we hope is good news for everyone,” Twitter developer Ryan Sarver in a post to the Twitter Development Talk Google Group on Sunday. “As of about 10 minutes ago, we have been able to restore critical parts of API operation that should have great affect on your apps … most of your apps should begin to function normally again.”

Some respondents in the Google group said that their applications were not working, while others were satisfied with the changes to the API.

Proactive protection

As Facebook, Twitter and related services slowed to a crawl or went down completely, IT managers and developers looked for lessons they could use to protect their own critical services from such attacks.

Executives at Voxel, a Web hosting company whose clients include high-profile sites like and, offered some basic advice but cautioned that nobody should expect perfect protection from a denial-of-service attack.

“No provider in the world can promise the silver bullet, that they are immune to a denial-of-service attack,” Voxel CEO Raj Dutt told

Added Adam Rothschild, Voxel’s vice president of network architecture and operations, “Tens and hundreds of gigabits can take down pretty much anything.”

Every critical Web site should be located in multiple datacenters, Rothschild said.

“If you have a single datacenter and expect this level of uptime, you have your head in the sand,” he said. But he added that running complex Web sites on multiple datacenters is not easy due to issues such as maintaining database concurrency.

Another way to fight off a denial-of-service attack is to use a content delivery network (CDN) . “Even some of our smaller customers have benefited from our CDN,” Rothschild said.

Finally, enterprise IT managers should be able to tap expertise concerning network management, as Facebook and Twitter likely did with their providers, Dutt said.

News Around the Web