There may be hundreds of thousands of unsuspecting British computer users involved in cyber attack, because their router has been compromised.
Spamhaus, which runs a filtering service used to stop spam emails has been under attack from 18th march after they added a Dutch hosting organisation called CyberBunker to their list of unwelcome internet sites.
James Blessing, a member of the UK Internet Service Providers’ Association council said that some users may be suffering some slower than normal internet connections.
He said “It varies depending on where you are and what site you’re trying to get to. Those who are used to it being really quick will notice.”
Cyberbunker offers hosting for any content as long as it isn’t child pornography or linked to terrorism. In mid March Spamhaus added their internet addresses to be blacklisted.
When this was found out according to reports the hosting company and a large number of Eastern European gangs enlisted hackers to use huge botnets to attack the service. Some home and business broadband routers are also involved in the attacks.
The hackers have exploited the internet’s domain name system servers. They have spoofed requests for lookups to the DNS servers so they seemed to come from Spamhaus. The servers then responded with masses of responses, all aimed back at Spamhaus.
Many of the attacks have been coming from unsuspecting UK users with badly configured routers and modems. Many routers in the UK have been provided by ISP’s who have settings embedded to allow them to be controlled remoted for servicings.
Experts are concerned that this may be the start of more serious attacks in future. Dan Kaminsky, a security researcher said “You can’t stop a DNS flood by shutting down those [DNS] servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.”
Kitguru says: Spamhaus are paying a price for adding Cyberbunker to their list.