VeriSign's chief of security Ken Silva said that the attacks seemed to have been tested in late December and January. However, they have not been seen since. This could mean that either the hackers were caught, or they are using the threat of the killer attacks to blackmail companies.
During the two months, attacks using this method hit 1,500 separate Internet Protocol addresses and were bigger than anything VeriSign has ever seen, Silva said.
Unlike normal DoS attacks, where a network of bots mounts an attack on a single server, the new attacks involve sending queries to DNS (domain name system) servers with the return address pointed at the targeted victim.
As a result, it is the DNS server that delivers the attack traffic to the victim, and that is a lot harder to stop.
With an old-style attack, it was possible to stop a bot-delivered DoS attack by blocking the bot's IP address. However, it is a lot harder to block a DNS server without disrupting the company's operation.
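A defender's view of the reflected traffic described above, as an added example that is not part of the original article: on the victim side, DNS replies can be split into those that answer a query the host actually sent and unsolicited ones, so the server's address never has to be blocked outright. The event format, the timeout and the addresses are constructed for illustration.

```python
from collections import Counter

QUERY_TIMEOUT = 5.0  # seconds a sent query stays answerable (assumed value)

# Constructed sample traffic: (kind, ts, server, txid, qname, size_bytes)
SAMPLE = [
    ("query",    0.00, "192.0.2.53",   0x1A2B, "example.com", 40),
    ("response", 0.03, "192.0.2.53",   0x1A2B, "example.com", 120),
    ("response", 0.10, "198.51.100.7", 0x0001, "example.org", 3900),
    ("response", 0.11, "198.51.100.7", 0x0002, "example.org", 3900),
    # Same server as the legitimate answer, but nothing is pending for it.
    ("response", 0.12, "192.0.2.53",   0x1A2B, "example.com", 120),
]

def split_responses(events, timeout=QUERY_TIMEOUT):
    """Return (solicited, unsolicited) lists of response events.

    A response is solicited only if this host sent a matching query
    (same server, transaction ID and name) within `timeout` seconds.
    """
    pending = {}  # (server, txid, qname) -> time the query was sent
    solicited, unsolicited = [], []
    for ev in sorted(events, key=lambda e: e[1]):
        kind, ts, server, txid, qname, _size = ev
        key = (server, txid, qname.lower())
        if kind == "query":
            pending[key] = ts
            continue
        sent = pending.pop(key, None)  # one query admits one response
        if sent is not None and ts - sent <= timeout:
            solicited.append(ev)
        else:
            unsolicited.append(ev)
    return solicited, unsolicited

def reflected_bytes(unsolicited):
    """Total unsolicited DNS bytes received, per sending server."""
    totals = Counter()
    for _kind, _ts, server, _txid, _qname, size in unsolicited:
        totals[server] += size
    return totals

if __name__ == "__main__":
    ok, bad = split_responses(SAMPLE)
    print(len(ok), "solicited;", dict(reflected_bytes(bad)))
```

The last sample event shows why per-address blocking is the wrong tool: the same server sends both the wanted answer and an unwanted one, and only the query state tells them apart.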
More at ZD Net.