The computer servers that powered the constant cyber attacks on several Vietnamese news websites over the last fortnight have been temporarily suspended, Hacker Vietnam Online (HVA), the country’s largest hacking online community, announced Tuesday.
“Even though the servers currently remain inactive, that they will be reactivated is certain,” the HVA wrote on its Facebook.
The online editions of Tuoi Tre Newspaper (Tuoi Tre News, Tuoi Tre Online, Tuoi Tre Mobile, and Tuoi Tre TV), as well as several other Vietnamese newswires including Vietnamnet, Dan Tri, and Kenh14, have been repeatedly attacked by mysterious hackers for the last 13 days.
The websites are attacked under the DDoS method, which is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet, according to Incapsula, an Internet safety service provider.
The DDoS method summons many computers and many Internet connections to attack. These form a group called Botnet, or zombie army, to take over Internet-connected computers usually with the assistance of malware like Trojan Horses.
“Generally without the knowledge of the computers’ rightful owners, these machines are remotely controlled by an external source via standard network protocols, and often used for malicious purposes, most commonly for DDoS attacks,” Incapsula explained in an article on its website.
‘Just the beginning’
On a status update posted on its Facebook, HVA warned the victims of the recent cyber attacks that the hackers may return more ferociously after this temporary stop.
“It’s just the beginning,” it warned.
“The victims should strengthen its Internet infrastructure as well as human force to be well-prepared for future attacks,” the status reads.
HVA also spoke highly of the contributions of the local online community, which it said “has made effort in helping HVA and hacking experts to trace the root of the attacks.”
Nguyen Hong Phuc, an HVA member, was quoted by Vietnamese language newswire VietnamPlus as saying on Tuesday that thanks to the help from the community, HVA has discovered that several servers involved in the attacks were hosted by the Lease Web GmbH, based in Germany.
Phuc told the newswire that HVA contacted the German company to tell them that some of their customers had been controlling some “zombie army” in Vietnam.
The said servers were eventually suspended in early Tuesday.
“But whether they were suspended by the hosting company or by the hackers themselves remains to be seen,” Phuc admitted.
Check your computers
As the hackers behind the DDoS method maliciously take over computers and Internet connections to form the botnet for the attack, your computers may already be a victim without your knowledge.
Since most of the IP addresses of the attacking machines are from Vietnam, local computer users are recommended to visit http://www.antibotnet.tk/ to check if their machines are hijacked or not.
Should the site return a message that reads “An Toan”, the computers are safe from the malware. On the other hand, the message “Co Nguy Co Bi Nhiem” means the machines are highly suspected of having been taken over.
Victims are advised to contact firstname.lastname@example.org for help, or download the virus remover at http://www3.cmcinfosec.com/downloads/Fakebtstl%20Remover%20Tool.exe