MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

22.11.09

DDoS Botnet. New crimeware particular purpose

An attack by Denial of Service (DoS) consists basically of abuse of a service or resource by successive requests, either intentional or negligent, which eventually break the availability of such service or resource temporarily or completely.

When this type of attack is performed using the processing power of an important set of computers carrying out the abuse of requests synchronously, we are witnessing an attack Distributed Denial of Service (DDoS).

DDoS attacks aren't new at present (such as Blaster malicious code designed for this kind of attacks against Microsoft in 2003, is a classic example) and their use is a resource of any malicious activity connotation, even mafia.

In this sense, most botnets general purpose contemplated as part of its bid criminal attacks distributed denial of service by taking advantage of benefits offered by the zombies that are part of the network, and the particular purpose to perform a type specific attack against a specific target also, is typical of today.

From a perspective on cyber war, the DDoS also plays a fundamental role in the offensive mode used in this digital war also known as Cyber-Warfare, and is a resource that is part of a strategy involved in the attack analysis CYBINT (Cyber Intelligence).

However, under this scenario the attack may also be used defensively in an analytical strategy to assess the constraints outlined critical services of a State.

But whatever purposes they hide behind the attack, cyber-criminals (especially those of Russian origin) constantly seek to facilitate the issue by offering crimeware developed for use exclusively with criminal minds.

The point is that a new web application for controlling botnets, is In-the-Wild, marketed in the Russian black market at a "competitive", USD 350.

The crimeware is designed to recruit and train a botnet zombies (particular purpose) intended exclusively for attacks of the type of DDoS SYN Flood, ICMP Flood, UDP, HTTP and HTTPS. In the following screenshot shows part of the configuration of the application written in PHP.

Among its outstanding features are the ability to run as a service (which is part of its defense strategy), control and administration (C&C) is done through HTTP, integration with other crimeware of his style, recording of activities (logs) with information processed on each attack (Intelligence), among many others.

I believe that research of this type of criminal activity must have the touch method that offers the activities of intelligence, as though for a home user this type of attack may matter little, not true when what is at stake are assets of the companies. As security professionals should be aware of the state of the art of crimeware, and incorporate measures of intelligence in their work.

Information related to crimeware
Russian crimeware prices. Part 2
Russian Trade crimeware private versions ...
ZeuS and power Botnet zombie recruitment
Process Automation anti-analysis II
Eleonore Exploits Pack. New Crimeware In-the-Wild
Looking closely at the structure of Unique Sploits Pack
Adrenaline botnet: command area. The Russian crimeware ...
YES Exploit System. Another crimeware Made in Russia
Barracuda Bot. Botnet actively exploited
ElFiesta. Recruitment zombie across multiple threats

Information related to Cyber-Warfare
Computer Intelligence, Information Security and Cyber-War
CYBINT in the business of Russian cyber-crooks
Kremlin Kids: We Launched the Estonian Cyber War
Kremlin-backed youths launched Estonian Cyberwar, says Russian official
Digital Fears Emerge After Data Siege in Estonia
Cyberattack in Estonia - what it really means

Jorge Mieres

0 comentarios:

Post a Comment