• silicon.com
• Technology
• Security

By Will Sturgeon, 4 October 2004 16:20

NEWS Online transaction service Worldpay appears to be the latest victim of a Distributed Denial of Service attack (DDoS) over the weekend with its website falling off the face of the internet by Monday.

Such attacks typically involve bombarding websites or servers with enough traffic as to render them unusable - typically through a co-ordinated attack by hi-jacked machines as seen with the endgame of the MyDoom virus attack which turned its army of 'zombies' on SCO.

In an email note to customers, Worldpay said it was doing all it could to counter the attack but could not say when normal service would be resumed.

The note said: "While attacks of this type can be anticipated, it does take time to identify and deal with the exact nature of a particular attack. We are doing everything that is possible to restore a full service as soon as is possible."

This isn't the first time Worldpay has been hit with such an attack.

One would-be user, who may now have been lost to Worldpay, told silicon.com: "I’ve been researching online payment providers we might switch to and haven’t been able to get through to Worldpay’s site once. Not a great advert for their services."

While such attacks can be planned for and should now be a commonly regarded risk by all online firms there is a growing feeling that blame for such an attack should not be levelled at the company, even in days of such heightened awareness.

Malcolm Seagrave, security expert at Energis, said Worldpay should not be held up for criticism.

"Security can't be implemented properly at the customer level for this type of attack; it must be done at the internet service provider level - yet we, as an industry, are ridiculously lax in pushing this," said Seagrave.

Seagrave warned that such attacks, predominantly the domain of criminals attempting to extort money from online bookies, will increase in prevalence in the run-up to Christmas and warned all businesses to demand more protection from their ISPs.