Hackers created zombie networks or 'botnets' on personal computers in order to bombard the DNS servers with traffic. Zombie computers can be used by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or to steal confidential information. While the computer owners may have been unaware that their PCs were compromised, had the attack been completely successful then all Web site access and e-mail delivery would have been suspended globally.
"These zombie computers could have brought the Web to its knees, and while the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem - the lax attitude of some users towards IT security," said Graham Cluley, senior technology consultant at Sophos. "Society is almost totally reliant on the Internet for day-to-day communication -- it's ironic that the people who depend on the Web may have been the ones whose computers were secretly trying to bring it down."
Root servers, which manage the Internet's Domain Name System, help to convert Web site names such as amazon.com to their numeric IP address - essentially acting as an address book for the Internet. UltraDNS, which manages traffic for Web sites ending with the suffix .org and .info, confirmed that it had witnessed an unusual increase in traffic. In all, three of the 13 servers at the top of the DNS hierarchy are said to have felt the impact of the attack, although none are thought to have stopped working entirely.
"If the DNS servers were to fall over then pandemonium would ensue, emphasizing the importance of properly defending all PCs from being taken over by hackers," continued Cluley. "A denial-of-service attack like this swamps Web-connected servers with traffic from many computers around the globe. It's a bit like twenty hippos trying to get through a revolving door at the same time - there's no route through and everything clogs up. Fortunately the system is designed to be extremely resilient to these kind of attacks, and the average man in the street won't have noticed any impact."
Some reports have suggested that much of the attack traffic may have come from computers based in South Korea. However, the motivation for the attack remains unclear.
