[nsp-sec] pay 100 btc(bitcoin) or will be subjected to DDoS attacks 100 Gbit/s

[Felix Schueren]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 

> Here was the list of domains I collected being targeted yesterday
> (212):
> 
www.bigload.de
www.der-onlinekredit.de
www.essential-freebies.de
www.mein-rechtsanwalt.de
www.munich-business-school.de
www.top-duesseldorf-immobilien.de

confirmed for AS20773. For the above six entries from your list we got
extortion mails stating basically "Send bitcoins or we attack with
100Gbit/s", and at least "www.der-onlinekredit.de" and
"www.top-duesseldorf-immobilien.de" were hit for the last 24 hours with
lots of unspoofed HTTP GET queries for various parts of the sites,
apparently crawling through the site in a fashion that almost looked
like normal users. I'm having colleagues checking whether the other
sites got hit as well. Would there be anything we could log or check in
sampling stats that might be of help to someone?

Kind regards,

Felix


- -- 
Felix Schüren
Head of Network

- -----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer: Patrick Pulvermüller, Thomas Vollrath

(*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus
den dt. Mobilfunknetzen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFOZ2zZjvSFhYIGdqcRAr3NAJ9IPnmxXi7xivgkPd2qSSGLOWQuCgCfWwkz
ILw1hFR8p6Zdrogca+6mOws=
=DdAa
-----END PGP SIGNATURE-----