Dirt Jumper DDoS Toolkit Riddled With Vulnerabilities
A security vendor has turned the tables on malicious hackers by releasing details of a vulnerability in a popular toolkit used to launch distributed denial of service (DDoS) attacks against corporate websites.
The toolkit in question is the infamous Dirt Jumper, which is based on the RussKill application that has become one of the most popular DDoS tools in the World Wide Web’s seedy underground.
Prolexic revealed earlier this week that it had identified a vulnerability within the command and control (C&C) structure of Dirt Jumper, which makes it possible to use open source pen testing tools to access the toolkit’s database and its server-side configuration files.
Scott Hammack, CEO of Prolexic, said that using the information it would be possible for those targeted by DDoS to access the C&C server and put a stop to it.
“It is our duty to share this vulnerability with the security community,” added Hammack.
This latest development comes after a week of high profile attacks on websites, including WikiLeaks, KrebsonSecurity and most recently, RT News.
As well as cracking Dirt Jumper, Prolexic has also revealed information that could help stop hackers using the Pandora DDoS toolkit in their tracks. The Pandora DDoS toolkit, which can be used to launch a variety of DDoS attacks including HTTP Download, HTTP combo, HTTP Min, Max Flood and Socket Connect attacks, made headlines last week when it took out the Brian Kreb’s website.
Prolexic explained:
“The HTTP Combo offers a one-two punch that targets the application and infrastructure layer simultaneously, while the Max Flood attack initiates a flood that contains a 1-million-byte payload within the POST request,”
Pandora, which is the latest edition of the Dirt Jumper family, claims to be so powerful that it can take out the average website using just 10 infected bots. Indeed, according to its creators, they were even able to use Pandora to slow down the Russia’s most popular search engine Yandex to a snail’s pace when they ‘tested’ the kit out.
However, Prolexic revealed that Pandora’s code was “messy”, containing numerous typographical errors:
“Infected bots beacon to the user’s C&C panel with broken GET requests that identify the availability of the bots. In addition, a GET request in the Socket Connect attack is sent as an ‘ET’ request, which is invalid HTTP request. Some web servers such as Apache, however, will interpret the ET request as a GET request and will respond with a valid OK response. Other web servers, such as nginx, will return a Bad Request error message.”
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU