DDoS Attack Knocks Out DoubleClick Ads

A distributed-denial-of-service attack hits the ad-serving company's DNS, slowing its customers' sites and leaving online ad spaces blank.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

DoubleClick Inc. suffered a DDoS (distributed denial of service) attack Tuesday that knocked out its popular online ad-serving service and its own corporate Web site for several hours, the company has confirmed.

The DDoS attack targeted DoubleClicks DNS (domain name system) and interrupted its ability to serve online ads to its 900 customers from about 10:30 a.m. EDT to 2 p.m. EDT, spokeswoman Jennifer Blum said.

The DDoS attack also dinged performance on major Web sites that use DoubleClick-hosted ads. Web monitoring vendor Keynote Systems Inc. reported that availability dipped as low as 76.4 percent for the 40 major sites it tracks.

"Beginning this morning, our DNS infrastructure [has] been under a denial-of-service attack from outside sources," New York-based DoubleClick said in statement. "The attack caused severe service disruption for many of our ad-serving customers. The situation has been resolved."

The attack follows the unleashing of a variant of the MyDoom e-mail worm, MyDoom.O, that interrupted access to search engines Google, Yahoo and AltaVista on Monday and continued its damage Tuesday by launching a DDoS attack against Microsoft.com.

The DoubleClick outage also was reminiscent of a DDoS attack last month that hit Akamai Technologies Inc. and caused performance slowdowns for major Web sites such as MSN.com, Microsoft.com and Yahoo.com.

"The attack was against the infrastructure of a service provider, in this case DoubleClick, that is common to many sites," Lloyd Taylor, Keynotes vice president of technology, said in a statement. "The performance of these sites was dramatically affected by something over which they had no control, and may not even have known about until their customers called in to complain."

In the case of DoubleClick, the DDoS attack against it did not necessarily knock out its customers sites but caused slowdowns in the loading of Web pages, as DoubleClicks servers could not respond to requests for ads, customers said.

Incomplete page loads will cause a site to appear as unavailable on Keynotes Business 40 Internet Performance Index, said a representative of San Mateo, Calif.-based Keynote. During the time of the DoubleClick DDoS attack, the Keynote index fell from about 96 percent availability to a low of 76.4 percent, fluctuating widely.

/zimages/2/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

One DoubleClick customer, who asked not to be identified, said he had to pull DoubleClick ads in order to prevent problems for Web site visitors.

"Weve been running most of the day without DoubleClick ads, so we certainly lost revenue from this," said the technical manager of a media site.

DoubleClick last battled a denial-of-service attack in 1999, which caused an outage of a few hours, Blum said.

Blum said the company has launched an internal investigation into the newest attack and has notified "proper authorities," but declined to identify the authorities.

/zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis. /zimages/2/77042.gif

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: /zimages/2/19420.gif http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif