Attacks succeed...

We monitor many organizations every day. Some of them have been compromised by attacks several times. Some suffer denial-of-service attacks. Our service is designed to detect compromises as well as denial-of-service attacks.

Attackers go to great lengths to hide their identities—often using chains of servers in different countries, and domains registered in places where it’s hard to discover the owner.

For example, one attack injected JavaScript code into a hacked home page. The code redirected browsers to a hijacked server in the Netherlands, using a domain registered in a Caribbean nation.

And finally, it all linked to a server in a third country, which held the payload: nasty software that was supposed to be downloaded to the browsers and infect them.

This doesn’t mean the attack itself was from the last country in the chain—it just means the software was being stored on a server there.

[graphic snapped from Google Earth]