Are government servers responsible for DOS attacks?

Network Associates Inc. on Thursday released, free of charge, two updates to its information security products that will detect and remove the underlying vulnerability behind this week's cyberattacks on commercial Internet sites, a vulnerability that possibly turned federal agencies into launching points for the attacks.

A security gap in Solaris and Linux-based servers that allows hackers to place malicious code on a server without the administrator's knowledge is responsible for the series of denial-of-service attacks this week against the Yahoo, eBay, ETrade and World Wide Web sites. The attacking code, in the form of an agent, is placed on many machines, which then send multiple requests to the victim's server, essentially flooding the system and forcing administrators to shut it down.

While federal sites have not yet been attacked in such a manner, many officials are concerned that agency systems are unwittingly hosting these agents and are therefore participating in the attack. The FBI, Commerce Department and the Federal Computer Incident Response Capability are working with agencies to determine whether their systems are hosting the agents, and the FBI's National Infrastructure Protection Center has posted a tool that agencies can download and run on their systems to detect the code.

Following the first attacks earlier this week, Network Associates started working on updates to its VirusScan and CyberCop products and services, said Peter Watkins, president and chief executive officer of Network Associates. The company is now offering all of these updates, including a free one-time scan and report, for download through its Web site.

The CyberCop Zombie scan is an extension of Network Associates' new managed security services offerings. Although the scan is now part of the CyberCop ASaP vulnerability scanning service, users can perform a free, one-time CyberCop Zombie scan that will check a system for the agent and the vulnerability. If anything is found, it will be reported back to the system administrator via e-mail, along with the method to remove the agent and the patch to fix the vulnerability, said Zach Nelson, CEO of

Network Associates has also added the scan for this vulnerability to its VirusScan product, which can be downloaded as an update and will run along with the rest of the checks whenever a scan is scheduled.


Denial-of-service attacks are when a system is rendered unusable for legitimate users because a resource is "hogged," damaged or destroyed. Denial-of-service attacks may be caused deliberately or accidentally.

Three common forms of network denial-of-service attacks are service overloading, message flooding and signal grounding. Although they are difficult to prevent, many denial-of-service attacks can be hindered by restricting access to critical accounts, resources and files.

(From the National Institute of Standards and Technology's Computer Security Resource Clearinghouse)
