According to Jose Nazario, a senior security researcher with Arbor Networks, the technique – which is being used to effectively silence websites that relay information out of the country – appears to be in common usage in Malaysia and is starting to spread to other countries as well.
"We've been investigating these [attacks] and have sent information to the CERT team in Malaysia for assistance and to the CERT team where the DDoS controlling servers are located", he said in a security blog posting.
Dr. Nazario says that the attacks have been noted on Twitter, blogs and websites. The Twitter account @fmtoday (for FreeMalaysiaToday) noted one of the attacks earlier this month as starting at 4am on September 8 and lasting until the site moved to a WordPress sub-site some 10 hours later.
The Arbor Networks researcher says that FMT moved briefly to WordPress to ride out the attacks, a tactic used by other sites in the past.
In addition, he says, when under attack, some sites have migrated to a beefier blogging site with more bandwidth.
"Malaysia Today has also suffered attacks and is now operating a low bandwidth version of their site to get their message out", he said, adding that fellow government critic Datuk Seri Anwar Ibrahim's blog also came under DDoS attack.
"All of these appear to be voices critical of the way things are run in Malaysia under the current government", he noted.
Dr. Nazario claims that the DDoS controllers involved have also attacked the sites of independent, critical-voice newspapers in Pakistan and Nigeria in the recent past, as well as soccer sites, rogue pharmacy sites, and the like.
"We are working with others to try and have them disrupted. They are Black Energy botnets, a commonly available DDoS botnet toolkit", he said.