
DDoS Botnet: new special-purpose crimeware


A Denial of Service (DoS) attack consists, basically, of abusing a service or resource through successive requests, whether intentional or negligent, which eventually break the availability of that service or resource, temporarily or completely.

When this kind of attack is carried out using the processing power of a large set of computers that perform the abusive requests synchronously, we are looking at a Distributed Denial of Service (DDoS) attack.

DDoS attacks are nothing new (the Blaster malicious code, designed in 2003 to carry out this kind of attack against Microsoft, is a classic example), and they are a resource for malicious activity of every connotation, including organised crime.

In this sense, most general-purpose botnets include distributed denial of service attacks as part of their criminal offering, taking advantage of the capacity provided by the zombies that make up the network; and special-purpose botnets, built to carry out one specific type of attack against one specific target, are also typical today.

From a cyber-war perspective, DDoS also plays a fundamental role in the offensive mode of this digital warfare, also known as Cyber-Warfare, and it is a resource that forms part of the attack-analysis strategy involved in CYBINT (Cyber Intelligence).

However, under this scenario the attack may also be used defensively, in an analytical strategy to assess the limits of a State's critical services.

But whatever purposes hide behind the attack, cyber-criminals (especially those of Russian origin) constantly seek to make it easier by offering crimeware developed exclusively for criminal use.

The point is that a new web application for controlling botnets is In-the-Wild, marketed on the Russian black market at a "competitive" USD 350.

The crimeware is designed to recruit and train a botnet of zombies (special purpose) intended exclusively for DDoS attacks of the SYN Flood, ICMP Flood, UDP, HTTP and HTTPS kinds.

Among its notable features are the ability to run as a service (which is part of its defence strategy), command and control (C&C) over HTTP, integration with other crimeware of its kind, and the recording of activity (logs) with information processed for each attack (Intelligence), among many others.
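As an added example from the defender's side (not code from this post, nor from the crimeware it describes), the following Python flags the SYN, ICMP and UDP flood patterns named above in a simple per-packet log, alerting only when one destination receives a high packet rate from many distinct sources within a time window. The log format, the sample traffic and the thresholds are all constructed for this example; HTTP and HTTPS floods complete the TCP handshake and look like ordinary requests at the packet level, so they would need web-server logs rather than these counters and are not covered here.

```python
"""Flag SYN, ICMP and UDP flood patterns in a per-packet log.

Log line format (constructed for this example, not any real tool's output):
    <epoch_seconds> <proto> <src_ip> <dst_ip> <dst_port> <tcp_flags>
tcp_flags is "S" for a bare SYN, "A" for an ACK, "-" when not applicable.
"""
from collections import defaultdict


def make_sample_log():
    """Build a constructed log: two floods, one single-source burst, normal traffic."""
    lines = []
    # 200 bare SYNs from 50 distinct sources at 192.0.2.10:80 inside one second
    for i in range(200):
        lines.append(f"1000.{i:03d} tcp 10.0.{i % 50}.1 192.0.2.10 80 S")
    # 120 ICMP packets from 40 distinct sources at 192.0.2.20 inside one second
    for i in range(120):
        lines.append(f"1001.{i:03d} icmp 10.1.{i % 40}.1 192.0.2.20 0 -")
    # 80 UDP packets from ONE source: high rate but not distributed, so not flagged
    for i in range(80):
        lines.append(f"1002.{i:03d} udp 10.2.0.9 192.0.2.30 53 -")
    # Three ordinary handshakes (SYN followed by ACK) from three hosts
    for i in range(3):
        lines.append(f"1003.{i} tcp 10.3.0.{i} 192.0.2.10 443 S")
        lines.append(f"1003.{i + 5} tcp 10.3.0.{i} 192.0.2.10 443 A")
    return "\n".join(lines)


def parse_line(line):
    """Split one log line into a record dict."""
    ts, proto, src, dst, dport, flags = line.split()
    return {"ts": float(ts), "proto": proto, "src": src, "dst": dst,
            "dport": int(dport), "flags": flags}


def flood_kind(rec):
    """Map a packet to the flood family it could belong to, or None."""
    if rec["proto"] == "tcp" and rec["flags"] == "S":
        return "syn"      # bare SYN without a completed handshake
    if rec["proto"] == "udp":
        return "udp"
    if rec["proto"] == "icmp":
        return "icmp"
    return None           # ACKs, data segments and other protocols are ignored


def detect_floods(log_text, window=1.0, min_pps=50, min_sources=5):
    """Return alerts for (destination, kind, window) buckets that exceed both
    a packet-rate threshold and a distinct-source threshold (thresholds are
    illustrative assumptions, tune them to the monitored link)."""
    buckets = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        kind = flood_kind(rec)
        if kind is None:
            continue
        slot = int(rec["ts"] // window)
        bucket = buckets[(rec["dst"], kind, slot)]
        bucket["packets"] += 1
        bucket["sources"].add(rec["src"])

    alerts = []
    for (dst, kind, slot), bucket in sorted(buckets.items()):
        pps = bucket["packets"] / window
        if pps >= min_pps and len(bucket["sources"]) >= min_sources:
            alerts.append({"dst": dst, "kind": kind, "window_start": slot * window,
                           "pps": pps, "sources": len(bucket["sources"])})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(f"{alert['kind'].upper()} flood against {alert['dst']} at "
              f"t={alert['window_start']}: {alert['pps']:.0f} pps from "
              f"{alert['sources']} sources")
```

The distinct-source criterion is what separates a distributed flood from a single noisy client: the UDP burst in the sample exceeds the packet rate but comes from one address, so it is left for ordinary rate limiting rather than raised as a DDoS alert.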

I believe that research into this type of criminal activity must have the touch of method that intelligence activities offer, since, although for a home user this type of attack may matter little, that is not true when what is at stake are the assets of companies. As security professionals, we should be aware of the state of the art of crimeware and incorporate intelligence measures into our work.

Jorge Mieres
Pistus Malware Intelligence