C&C PHP script for staging DDoS attacks sold on underground forums
Posted on 10.09.2013
Earlier this year, US-CERT deemed it important to release an alert about publicly accessible open recursive DNS servers that are increasingly being used in DNS amplification attacks, a very effective form of DDoS attack.

The problem often lies in the misconfiguration of these servers, which allows an attacker to send a DNS name lookup request with the source address spoofed to be the victim's address. When the DNS server sends the DNS record response, it goes to the victim instead. Huge numbers of such requests sent by bots can produce an overwhelming amount of traffic with little effort.
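The two conditions the paragraph describes, a resolver answering recursive queries for arbitrary clients and a flood of large-answer queries whose "source" is really the victim, both leave traces in a resolver's own query log. The following Python script is an added example (not part of the article or of the script it reports on): it parses constructed BIND-style query log lines, flags recursion served to clients outside the networks the operator considers local (the misconfiguration US-CERT warned about), and flags repeated ANY/TXT-type queries from one address, which on a reflector indicates traffic being bounced toward that address rather than a real client. The log format, the sample addresses, the local network list and the threshold are all assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed BIND-style query log lines (not from the article). The format
# mirrors BIND 9 "queries" category logging: client ip#port, qname, class,
# qtype, flags. A leading "+" in the flags field means the client set the
# RD (recursion desired) bit; "-" means it did not.
SAMPLE_LOG = """\
10-Sep-2013 12:00:01.101 client 192.0.2.10#53: query: example.org IN ANY +E (198.51.100.1)
10-Sep-2013 12:00:01.102 client 192.0.2.10#53: query: example.org IN ANY +E (198.51.100.1)
10-Sep-2013 12:00:01.103 client 192.0.2.10#53: query: example.org IN ANY +E (198.51.100.1)
10-Sep-2013 12:00:01.104 client 192.0.2.10#53: query: example.org IN ANY +E (198.51.100.1)
10-Sep-2013 12:00:02.200 client 10.0.0.15#41233: query: www.example.com IN A + (198.51.100.1)
10-Sep-2013 12:00:03.300 client 203.0.113.7#51000: query: example.net IN MX - (198.51.100.1)
"""

LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

# Query types whose answers are large relative to the small request, i.e. the
# ones that give an amplification attack its multiplier and are worth watching.
LARGE_ANSWER_QTYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}


def parse_queries(log_text):
    """Yield (client_ip, qname, qtype, recursion_desired) per parsable line."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # ignore lines that are not query records
        yield (m["ip"], m["qname"], m["qtype"].upper(), m["flags"].startswith("+"))


def analyze(log_text, local_nets, threshold=3):
    """Return clients served recursion from outside local_nets, and
    (ip, qname, qtype, count) tuples of repeated large-answer queries."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    external_recursive = set()
    counts = Counter()
    for ip, qname, qtype, rd in parse_queries(log_text):
        addr = ipaddress.ip_address(ip)
        is_local = any(addr in n for n in nets)
        # Recursion answered for a non-local client is the open-resolver
        # misconfiguration; the fix is to restrict allow-recursion.
        if rd and not is_local:
            external_recursive.add(ip)
        if qtype in LARGE_ANSWER_QTYPES:
            counts[(ip, qname, qtype)] += 1
    suspects = [(ip, q, t, c) for (ip, q, t), c in counts.items() if c >= threshold]
    return {
        "external_recursive_clients": sorted(external_recursive),
        "reflection_suspects": sorted(suspects),
    }


if __name__ == "__main__":
    # "10.0.0.0/8" stands in for the operator's own client range (assumed).
    report = analyze(SAMPLE_LOG, ["10.0.0.0/8"])
    for ip in report["external_recursive_clients"]:
        print(f"recursion served to non-local client {ip}: restrict allow-recursion")
    for ip, qname, qtype, n in report["reflection_suspects"]:
        # With a spoofed source, the logged client is the target of the
        # reflected answers, not the party sending the queries.
        print(f"{n} x {qtype} {qname} logged from {ip}: answers are being reflected toward {ip}")
```

On a real resolver the same logic applies to whatever query logging the server produces; the two findings call for different responses, closing recursion to the public on the one hand and rate-limiting or dropping large-answer responses toward the reflected address on the other.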

Perhaps some administrators have taken the alert to heart and reconfigured their servers so they can no longer be misused in this way, but one thing is sure: attackers haven't stopped using this attack tactic. In fact, they are set on making such attacks even easier.

While rummaging through the many underground forums used by cyber criminals to buy and sell stolen information and tools for performing a variety of cyber crimes, Webroot's Dancho Danchev has recently unearthed a C&C PHP script capable of integrating multiple compromised servers for the purpose of launching DDoS attacks.

"Currently, the PHP script supports four types of DDoS attack tactics, namely DNS amplification, spoofed SYN, spoofed UDP, and HTTP+proxy support. The script also acts as a centralized command and control management interface for all the servers where it has been (secretly) installed on," he shared.

Its current price is $800, but it is likely to go for more in the future, as it is still in the early stages of development. Nevertheless, it seems that the author is sure of its capabilities.

Danchev is not aware of the script being used in the wild, but says that there is no doubt it will soon be.