David Sønstebø [12:33 AM] 
@here Someone is attempting to attack the mainnet at the moment, for security precautionary sake we encourage you to not do value transfers at the moment, while we analyze the details of this attempted attack. Bitfinex and YDX has been informed as well.

David Sønstebø [4:20 AM] 
@here Thus far it seems indeed that there was never any actual risk involved here. We are still sorting through the details and will release a patch and details shortly. These kinds of attacks provide us with a lot of free data to conduct further research on how Tangle operates under unique circumstances

David Sønstebø [6:20 AM] 
@here a blog post will come tomorrow which elucidates everything and provide the patch. What we can say already is that this 'attack' has validated IOTA further

Warning
×
As of September 11, 2017 (Never Forget)
This webapp has been blacklisted by the https node operators due to network/performance issues. Running this webapp over GitHub Pages forces an https connection, so this webapp must connect to https nodes. But since there were only two https nodes in the main list, they were getting hammered by traffic. I have also disabled the https nodes from being spammed at the request of their owners.
One solution to this is to download this webapp and run it locally. This will allow you to hit the http-only nodes and spread out the traffic. https://github.com/pRizz/iota-transaction-spammer-webapp/releases/download/1.0/iota-transaction-spammer-webapp.zip Just download the zip, unzip, and open the index.html file in your browser.
About the network attacks
This tool was not made with the intention of hurting the IOTA network, but rather strengthening it. IOTA is still very early in its development and will need to handle traffic orders of magnitude higher than the people spamming the network today, in order to succeed as a cryptocurrency in the future. This "attack" acts as a test for the network that can be utilized to further improve the code, fix bugs and performance issues. Don't panic just because of one little bump in the road. IOTA has a long and exciting future ahead!

A Coordinator milestone is a bundle consisting of 2 transactions. The first transaction contains a tag equal to the milestone index and the signature. The second transaction contains service data required for the signature verification. The attacker exploited the fact that during one of the optimizations the check for a milestone index being within some range was removed. He generated another transaction being a 90% copy of the first one but with a tag with a higher milestone index. That is a pretty standard bug.

The nature of the attack was the following: Take legit milestone and increase its index by 0x200000. Next time Coo issues next milestone it won't be accepted coz its index is lower.

try {
    final int previousLatestMilestoneIndex = latestMilestoneIndex;
    Set<Hash> hashes = AddressViewModel.load(tangle, coordinator).getHashes();
    { // Update Milestone
        { // find new milestones
            for(Hash hash: hashes) {
                if(analyzedMilestoneCandidates.add(hash)) {
                    TransactionViewModel t = TransactionViewModel.fromHash(tangle, hash);
                    if (t.getCurrentIndex() == 0) {
                        if (validateMilestone(mode, t, getIndex(t))) {
                            MilestoneViewModel milestoneViewModel = MilestoneViewModel.latest(tangle);
                            if (milestoneViewModel != null && milestoneViewModel.index() > latestMilestoneIndex) {
                                latestMilestone = milestoneViewModel.getHash();
                                latestMilestoneIndex = milestoneViewModel.index();
                            }
                        } else {
                            analyzedMilestoneCandidates.remove(t.getHash());
                        }
                    }
                }
            }
        }
    }

Every 2.0s: ./tools/node_info.sh                                                                                                         node0: Fri Sep 15 00:10:21 2017

{
    "appName": "IRI",
    "appVersion": "1.3.2.2",
    "duration": 0,
    "jreAvailableProcessors": 24,
    "jreFreeMemory": 148599936,
    "jreMaxMemory": 894959616,
    "jreTotalMemory": 670040064,
    "jreVersion": "1.8.0_144",
    "latestMilestone": "I9QBZNN9QJPEDUGKRKEXHQVTRQLIGVNFGJCIJFGWVAYZJWSTQYFWSPFEMBYFACGQTKAQTTWFIYLN99999",
    "latestMilestoneIndex": 6492449,
    "latestSolidSubtangleMilestone": "PHWWPC9BHZGDWROBRMV9OUCO9XQJRHCRIXHHLDUXOQIRZLNCBWQECECSPWGBUKAPVHRHMKMJGVQC99999",
    "latestSolidSubtangleMilestoneIndex": 205137,
    "neighbors": 11,
    "packetsQueueSize": 0,
    "time": 1505405421756,
    "tips": 309,
    "transactionsToRequest": 1
}