An analytical study conducted by US security firm Damballa has revealed that the cyber attack targeted at Google's corporate infrastructure, and that of 20 other US companies, was apparently carried out by a group of amateurs who had been testing the attack since July 2009.
The company revealed that, after a thorough investigation of the malware and the CnC (command and control) topologies used by the cyber criminals, it had determined that the attack was a version of an increasingly common botnet attack, albeit a dangerous one.
Gunter Ollmann, vice president of research at Damballa, dismissed the idea that the Google attack was a state-sponsored operation, saying in a statement: “I would say this particular botnet group was not well funded because the level of the tools used would have been far superior to what it was. Some of the codes within the malware were at least five years old.”
Explaining how the alleged amateur botnet attack worked, Ollmann said that the botnet was based on a basic command topology and relied heavily on Dynamic DNS CnC techniques, which are hardly used by professional botnet developers, who prefer more sophisticated techniques.
Mr. Ollmann went on to add that the criminals had targeted companies in seven other countries before setting their sights on Google.
If Damballa's suggestions are indeed true, they raise the spectre of even more lethal attacks in the future, which could bring down significant portions of the internet. Damballa has published a number of reports on CnC topologies, which you can read here.