Skip navigation
Help

Denial-of-service attacks

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.
Original author: 
Nathan Yau

In distributed denial-of-service attack a bunch of machines make a bunch of requests to a server to make it buckle under the pressure. There was recently an attack on VideoLAN's download infrastructure. Here's what it looked like.

So you see this giant swarm of requests hitting the server. In contrast, here's what normal traffic looks like. Much more tranquil.

[via FastCo]

0
Your rating: None
Original author: 
Dan Goodin

A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.

Ragebooter.net is one of several sites that openly accepts requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request.

Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.

Read 3 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Dan Goodin

Wikipedia

Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.

Read 9 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Sam Byford

Dscf0815_large

After a self-imposed 12-hour halt in trading due to crammed servers, Tokyo-based Bitcoin exchange Mt. Gox attempted to get back in business today with upgraded hardware — but it didn't take long before things went wrong again. The site is currently offline due to what the exchange tells The Verge is a "huge" DDoS attack; trading resumed for less than two hours.

Continue reading…

0
Your rating: None



Security researchers have disabled the latest botnet created with Kelihos malware, stopping a 116,000-bot-strong operation devoted to Bitcoin hacking and other crimes. Announced today, the operation took place last week and was run by Kaspersky Lab, CrowdStrike, Dell SecureWorks, and the Honeynet Project.

While the first Kelihos botnet (also known as "Hlux") was taken down last September, an entirely new botnet using the same code was identified earlier this year.

In addition to spamming and distributed denial-of-service attacks, this latest botnet was capable of both stealing Bitcoin wallets from infected computers, and BitCoin mining, which uses the resources of victimized computers to make new Bitcoins.

Read the rest of this article...

Read the comments on this post

0
Your rating: None



Is turnabout fair play? A handful of Anons have found themselves on the wrong end of a hack in the wake of the US government takedown of Megaupload. On January 20, just one day after Megaupload founder Kim Dotcom was arrested in New Zealand, an unknown attacker slipped code from the infamous Zeus Trojan into the slowloris tool used by members of Anonymous to carry out DDoS attacks on websites that have drawn their ire. As a result, many of those who participated in DDoS attacks targeted at the US Department of Justice, music label UMG, and whitehouse.gov also had their own PCs compromised.

Security firm Symantec details how some Anons ended up with Zeus on their systems. After modifying the Slowloris source to include code for the Zeus trojan on January 20, the attacker changed a couple of Pastebin guides used to bring would-be DDoSers up to speed to show a new URL for downloading the Slowloris tool.

Each time Slowloris was downloaded and launched after the 20th of January, a Zeus botnet client was installed too. The Zeus client then stealthily downloaded a "clean" version of Slowloris to replace the modified copy in an attempt to conceal its existence on the infected PC. In the meantime, the Zeus trojan did its usual dirty work: capturing passwords and cookies, as well as banking and webmail credentials, and sending them off to a command-and-control server.

Symantec's research shows the modified version of Slowloris was widely downloaded. "This Anonymous DoS tool on PasteBin has become quite popular among the Anonymous movement with more than 26,000 views and 400 tweets referring to the post," noted Symantec's official blog. 

The compromised version of Slowloris is no longer linked to on Pastebin: it appears that coverage of the shenanigans pulled on Anonymous has resulted in what looks to be a link to the correct verison of Slowloris being restored to the Pastebin guide.

Having Zeus installed on one's PC is absolutely no fun at all, so those who have downloaded the compromised version of Slowloris are going to have their hands full trying to hunt down and eradicate the trojan. Indeed, we see a number of clean OS installs in the immediate future for those who participated in DDoS attacks after the Megaupload takedown.

Read the comments on this post

0
Your rating: None