Warning: New Threat to Web Sites

A rash of DDoS attacks temporarily shut down Amazon.com, EBay, and other prominent sites. But the preventive measures that many sites subsequently implemented may not hold up against a new application, says an executive with business software vendor Computer Associates International.

"It's very, very sinister," says Alan Komet, a Computer Associates manager. "The code has been known for a while, but it has never been out in the wild before."

The tool, called "mstream," has been found at several universities, including the University of Washington. There, it was sitting in a computer running a Linux operating system, Komet says. Mstream is under development with an incomplete feature set, he adds.

In DDoS attacks, hackers flood Web sites by launching huge amounts of data traffic from multiple servers with one or more Internet-connected systems. The tactic essentially shuts the sites down.

While companies have taken steps to stop versions of the February DDoS attacks, such as Trinoo and TFN2K, the mstream tool incorporates new software that can avoid previous prevention and detection defenses, Komet says.

Among the security product offerings now available, Computer Associates is marketing an ETrust suite that Komet says can defend against the tool. The suite includes antivirus, intrusion detection, and access control software, Komet says.