Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Imperva: New Generation of DDoS Attack Turns Servers Into Bots

May 2010 by Imperva

Imperva’s Application Defense Center (ADC), has uncovered a new generation of Distributed Denial-of-Service (DDoS) attack that appears to be more powerful, more efficient and less detectable than traditional methods.

What is it?

· A new type of DDoS attack that has currently infected hundreds of web servers

· Unlike traditional DDoS methods that capitalize on bot-infected PCs, the attackers have turned the web servers themselves into payload-throwing bots

How does it work?

Rather than use the server as a means of distributing Denial of Service (DoS) malware to PCs, the attackers infect the servers themselves with a malicious DoS application. Then, using a simple software program with a dashboard and control panel, the hackers configure the IP, port and duration of an attack. They simply insert the URL they wish to attack, click and go. Imperva was able to acquire the source code of this application and has screenshots which show it consisted of just 90 lines of PHP code.

Why is this unique?

Although servers are typically harder to compromise than PCs, by capitalizing on their greater horsepower, the hackers create a much more efficient and powerful DDoS tool using servers as the attack platform. The volume of the attack is more easily multiplied by the number of exploited web servers as well.

By using web servers, the attackers are even less detectable. Trace backs typically lead to a lone server at a random hosting company.

What should businesses do?

According to CTO Amichai Shulman, these attacks are ongoing and are not a onetime occurrence. Now that a network of server bots has been created, it will be quite easy for them to ’rent’ them out or increase their activity. Companies should regularly monitor their Google presence to look for evidence of being compromised.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts