Skip navigation.
Home

RussKill. Application to perform denial of service attacks

|

Conceptually speaking, a DoS attack (Denial of Service attack) is basically bombarded with requests for a service or computer resource to saturate and the system can not process more data, so those resources and services are inaccessible, "denying" the access to anyone who wants them.

From the standpoint of computer security, Denial of Service attacks are a major problem because many botnets are designed to automate these attacks, especially those of particular purpose, taking advantage of computational power offered by the network of zombies. In this case, the attack is called Distributed Denial of Service (DDoS).

Moreover, under the framework of the concept of cyberwarfare, this type of attack is part of the armament "war" through which virtual scenarios presented conflicts between their requirements as to neutralize a state vital services.

RussKill is a web application that is classified within these activities and that despite being extremely simple, both in functionality and in the way of use, is an attack that could be very effective and difficult to detect.

As is customary in the current crimeware, the web application is of Russian origin and has a number of fields with information about how and against whom to carry out the attack, letting you configure the packet sequence, ie the flow in amount. The option "Hide url" is a self-defensive measure designed to ensure that the server is detected.

Although several methods of DoS attacks, RussKill makes use of the attacks HTTP-flood and SYN-flood. In both cases the servers for flood victims through http requests and packets with fake source IP addresses respectively.

As I said at first, the denial of service attacks are a danger for any information system, regardless of the platform that supports services and applications such, in this case site, demonstrates the ease with which an attack of this type can run.

Jorge Mieres
Pistus Malware Intelligence

In Depth Analysis

Did you upload a copy of this software/crimeware to this site? Do you have hash values of the files included in this package? Thanks!