Forgot your password?
typodupeerror
Botnet Security IT

Botnet Flaw Lets Researchers Disrupt Attacks 26

Posted by Soulskill
from the perhaps-should-have-hidden-the-on/off-switch dept.
Trailrunner7 writes "A team of researchers has discovered a weakness in the command-and-control infrastructure of one of the major DDoS toolkits, Dirt Jumper, that enables them to stop attacks that are in progress. The discovery gives the researchers the ability to access the back-end servers that control the attack tool, as well as the configuration server, and key insights into the way that the tool works and how attackers are using it. Dirt Jumper is not among the more well-known of the DDoS attack toolkits, but it's been in use for some time now and has a number of separate iterations. The bot evolved from the older RussKill bot over time, and various versions of the tool's binary code and back end configuration files have been made public. Researchers have watched as the bot has been used in attacks around the world against a variety of targets, and now they've been able to find a crack in the malware's control infrastructure."
This discussion has been archived. No new comments can be posted.

Botnet Flaw Lets Researchers Disrupt Attacks

Comments Filter:
  • Yet another example of country coming apart at the seams.

    • Well, the first crack of course is getting rid of M$ and use a proper OS instead.
      After that one could go after the baddies...
      • by Krojack (575051) on Wednesday August 15, 2012 @05:21PM (#41001905)

        Correction, The proper fix would be to not let click happy stupid people use the internet.

        It's already been proven that Linux & Mac OS's can also be infected so it really doesn't have anything to do with MS. It all comes down to the end user and installing every little stupid thing and clicking on anything that jumps in front of them.

        • by tlhIngan (30335)

          It's already been proven that Linux & Mac OS's can also be infected so it really doesn't have anything to do with MS. It all comes down to the end user and installing every little stupid thing and clicking on anything that jumps in front of them.

          Not to mention it seems a lot of malware these days are usermode based. They're not trying to hide from users anymore, other than being plausibly-sounding processes with plausible paths. Everything they need to do the user can do - they don't need admin anymore

          • Hmm, seems that you could actually create some sort of protection against this by writing a program which checks for spurious duplicates of system files.
        • by tlhIngan (30335)

          The proper fix would be to not let click happy stupid people use the internet.

          Then we might as well bottle the internet back up as a DARPA research curiousity then.

          Generally speaking, the security model assumes people know what they're doing, which is patently false. The computer and the internet are essential tools these days for many occupations, whether or not the people want it. A mechanic probably has to use a computer to diagnose a modern car, but he certainly doesn't need to know how to reinstall Win

        • by mcgrew (92797) *

          It's already been proven that Linux & Mac OS's can also be infected

          I don't think "infected" is the right word for a trojan. However, Windows is the only OS that one could get infected by a virus (not trojan) by simply opening an email or visiting a web page.

          That said, Windows is a lot more secure than it used to be. I doubt anyone but the click-happy who are dumb enough to answer "would you like to let this program change your computer?" would say "yes" if they thought they were going to a linked web p

  • Yo dawg,
    I herd you like to exploit flaws,
    so I put a flaw in your flaws exploit kit,
    so you can exploit flaws while your devkit's flaw is exploited.

  • The bot evolved from the older RussKill bot over time, and various versions of the tool's binary code and back end configuration files have been made public.

    What does that mean? Was some of the code stored in another numeral system? And why was the code so hard to get hold of?

  • I'm surprised some company or country hasn't gotten PO'd enough to write a counterattack that just bricks all the infected machines in a botnet.
  • Really, how could the editor overlook such a cute headline?

  • by Anonymous Coward

    .... the researchers would be able to submit a patch.

  • I wonder why they are announcing the security flaw in the malware. Shouldn't they try to exploit the security flaw to find the malware users first?

    What's the benefit of reporting the flaw? Usually, people report security flaws so that the application writer can close them. Do they actually want the DDOS kit to close its security flaw? Does that make the world better in some way?

    The only possible advantage that I can see is that it might make other malware users more careful about using similar software.

You've been Berkeley'ed!

Working...