DoubleClick Hit by Hack Attack

Interactive advertising firm DoubleClick became the latest high-profile Internet company to be hit by hackers as a distributed denial of service (DDoS) attack knocked out the company’s advertising servers for several hours, slowing many of the most popular Web sites as a result.

The attack hit DoubleClick’s domain name system (DNS) servers with a barrage of phony page requests, leaving it unable to serve online ads to many of its 900 customers for about four hours on Tuesday.

DoubleClick spokeswoman Jennifer Blum told the E-Commerce Times that the company knows only that the attack came from “outside sources.” Security experts said it appears the attack used hundreds of “zombie” personal computers that had been previously infected with a virus that commanded them to send requests to DoubleClick’s server at the same time.

Web Sites Down

“The attack caused severe service disruption for many of our ad-serving customers,” Blum said. “The situation was resolved within several hours.”

During that time, however, the performance of many of the top Web sites suffered, as with pages for the Washington Post, New York Times, CNet Networks, Nortel Networks and others taking far longer than usual to load all of their graphics and text.

According to Web measurement firm Keynote Systems, the attacks put a dent in the availability of many Web pages. That firm’s Business 40 Internet Performance Index fell to a low of 76.4 percent during the attack, from a typical level of around 96 percent.

Spike in Attacks

The attack against DoubleClick marked the third time in as many weeks that major sites have been hit by some kind of Web-based attack. The denial-of-service assault on Doubleclick most resembled an attack on the servers of Akamai technology, which handle Web traffic for many of the world’s most heavily trafficked Web sites, including MSN and Yahoo.

Earlier this week, Google searches were bogging down as the result of the latest version of the MyDoom virus, MyDoom.O, which was wrecking havoc with e-mail systems around the world and later launched its own DoS attack against Microsoft servers.

Unknown Source

Graham Cluley, senior technology consultant for antivirus firm Sophos, said there is no immediately apparent connection between the DoubleClick attack and either MyDoom-O, which slowed search engines earlier in the week, or the worm it has dubbed Zindos, which launched DoS attacks on Microsoft.com at about the same time.

“So far we have seen no malware which specifically targets DoubleClick, so it’s a mystery as to who may have been behind it, or whether it might be connected to the recent attack on Akamai,” Cluley told the E-Commerce Times.

Lloyd Taylor, vice president of technology at Keynote Systems, said the attack was similar to the one that hit Akamai recently because it used an indirect approach to dent the performance of popular Web sites.

Rather than attacking top sites head-on — such attacks are often spotted quickly — the hackers targeted the infrastructure of a service provider, in this case the servers that load the ads onto Web pages.

“The performance of these sites was dramatically affected by something over which they had no control, and may not even have known about until their customers called in to complain,” Taylor said.

Taylor noted that only monitoring that was being done from the perspective of end users would have spotted the degradation of performance quickly.