The Russians are believed to be behind it

Jul 21, 2008 11:06 GMT  ·  By

Over the weekend, the web page of Mikheil Saakashvili, the president of Georgia, was under an intense DDoS (distributed denial-of-service) attack that temporarily took it offline. According to the Shadowserver Foundation, the attack began on Saturday morning and left the web page unavailable for about 24 hours. Here is an example of the commands the foundation has detected so far: "flood http www.president.gov.ge/".

The server that hosts the Presidential web page also harbors the Social Assistance and Employment State Agency website, as well as other sites that have become unavailable due to the attack.

Steven Adair from the Shadowserver Foundation comments: "Who else have these guys been attacking with this MachBot C&C server? The answer is no one. This server recently came online in the past few weeks and has not issued any other attacks that we have observed until recently. All attacks we have observed have been directed right at www.president.gov.ge."

What is the reason for this multi-pronged distributed denial-of-service attack? Since the Shadowserver Foundation has yet to provide a precise answer, we can only speculate. What we do know is that political relations between Georgia and Russia have been quite tense recently. There are reasons to believe the attack originates from Russia and, as the attack on Lithuania has shown, this is the usual manner in which Russian hackers respond to political tensions.

"We do not have any solid proof that the people behind this C&C server are Russian. However, the HTTP-based botnet C&C server is a MachBot controller, which is a tool that is frequently used by Russian bot herders. On top of that the domain involved with this C&C server has seemingly bogus registration information but does tie back to Russia," says Steven Adair.
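The "flood http" command quoted above describes an HTTP flood: every bot in the botnet fetches the same page over and over until the server can no longer answer ordinary visitors. As an added example (not code from the article or from the Shadowserver Foundation), the following script shows the first-pass detection a site operator could run over a web server's access log: it parses combined-format log lines, counts requests per client address per time window, and flags sources whose request rate in any single window exceeds a threshold. The log lines, IP addresses (from the reserved documentation ranges) and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log format, e.g.
# 203.0.113.7 - - [19/Jul/2008:09:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def flag_flood_sources(lines, window_seconds=10, threshold=20):
    """Return {ip: peak_requests_in_one_window} for clients that exceed the threshold.

    Requests are bucketed into fixed windows of window_seconds; a client is flagged
    if any single window holds more than threshold requests from it.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # ip -> window index -> count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole run
        window = int(rec["ts"].timestamp()) // window_seconds
        buckets[rec["ip"]][window] += 1

    flagged = {}
    for ip, windows in buckets.items():
        peak = max(windows.values())
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def make_sample_log():
    """Constructed sample log (not real data): two flooding bots and one ordinary visitor."""
    base = datetime(2008, 7, 19, 9, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    # Each bot fetches "/" 30 times within the same 10-second span.
    for bot in ("203.0.113.7", "198.51.100.21"):
        for i in range(30):
            ts = (base + timedelta(seconds=i // 3)).strftime(fmt)
            lines.append(f'{bot} - - [{ts}] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0"')
    # A human visitor loads the page and two assets over half a minute.
    for offset, path in ((0, "/"), (5, "/style.css"), (30, "/news.html")):
        ts = (base + timedelta(seconds=offset)).strftime(fmt)
        lines.append(f'192.0.2.10 - - [{ts}] "GET {path} HTTP/1.1" 200 1024 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(flag_flood_sources(make_sample_log()).items()):
        print(f"{ip}: {peak} requests in a single 10-second window")
```

Per-source rate counting like this is only a starting point: a real flood is spread over many bots, so the per-address counts are low while the aggregate is not, and the same per-window logic should also be run on the total request count and on the count per requested path. The threshold must be tuned against the site's normal traffic before it is used for automated blocking.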

The Shadowserver Foundation is made up of several security professionals who voluntarily monitor online traffic in an effort to detect malware, botnet activity, and electronic fraud. People must be made aware of the threats they may encounter while surfing the web, threats that range from malware-spreading sites to compromised servers.