AOL and Intel defaced22/06/2007 Written by Marcelo Almeida (Vympel)
Three different DDoS attacks temporarily took Zone-H offline for some days, preventing Zone-H team to publish news and to update our Attacks Archive. Now that all Zone-H activities have been restored we point out some important digital events that affected both companies and governmental websites during last weeks .
One of the most worth noticing attack was carried out by a Turkish defacer against AOL’s website, based in Puerto Rico.
There is still no documented clue about how the attacker managed in penetrating the web server, but he is likely to have used a recent flaw in Solaris where a correct exploitation results in a remote code execution .
But this is not the only recent case which provoked some problems to popular companies: a Turkish defacer known by the handle uykusuz001, on May 20th defaced the page “Content and Service Management Software” on Intel’s web site . Such attack was possible because of a configuration mistake in the WebDav, a component of IIS.
Through this flaw, the defacer penetrated in the site and left a page with the message “One Turk against the world no war forever, world peace and justice for all”.
Another Turkish attacker was partially responsible for the break down of Zone-H, which was heavily attacked through a distributed Denial of Service attack. We localized three different origins : a first attacks came from Estonia, as a consequence of last month’s cyber protests, a second wave of dDoS was launched from Turkey, because of the action of a single defacer. A third attack-origin was identified but it was not possible to understand where it was based.