Ongoing Political DDoS in Georgia - UPDATE
Jose Nazario writes on the Arbor Networks blog:
The website for the President of Georgia, a former Soviet republic, has come under DDoS (hat tip: Shadowserver team). This attack appears to have a political motivation. One of the messages in the floods (HTTP, SYN, ICMP) reads “win+love+in+Rusia”. Tensions between Russia and Georgia appear to be running high lately. More here.
I do not know who exactly is behind the attacks, if they are acting alone or if they are associated with a political outfit anywhere. The Georgian presidential website is still inaccessible (possibly firewalled to thwart the attack, possibly still under attack by additional botnets). The C&C server is located in the US, and I’ve alerted various parties to try and get some traction on the attack to discover who it is. This botnet is somewhat recent to us in its activities, but uses a codebase we’re familiar with (Machbot).
UPDATE: 20:49: More details available here on the ThreatExpert blog. -ferg