Wednesday, September 19, 2007

Custom DDoS Capabilities Within a Malware

DDoS capabilities within malware are nothing new and are in fact becoming a commodity feature. Compared to the average DDoS tool with up to two different DoS attack approaches, or the types of malware with hardcoded IPs to be attacked, there's a disturbing trend towards diversifying the DoS techniques used as much as possible to improve the chances of a successful attack, not to mention the allocation of automatic self-defensive DDoS back at curious parties, made possible by the oversupply of infected hosts. As you can see in this particular malware -- high detection rate -- the DDoS options within are not only diverse enough to cause a lot of damage, but simultaneous combinations of them are also possible.

Now comes the digitally ugly part. Open source malware results in many different variants with a huge variety of new modules and options implemented within; even worse, the software client can indeed mature into a web based malware C&C like the ones we've been seeing since the beginning of 2007. And this is exactly what happened with this open source malware: a Chinese hacking team is currently offering a Web builder for sale, making it possible to integrate the malware on the Web in a typical do-it-yourself fashion. What types of attacks are included anyway?

- ICMP/SYN/TCP and UDP flooding
- HTTP no-cache, GET flooding
- CC variety
- GAME, CIDR, Hybrid flooding capabilities
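
From the defender's side, the "HTTP no-cache, GET flooding" item above is the one most visible in ordinary web server logs. The following detector is an added example, not code from the original post or from the malware kit it describes; it assumes a constructed, simplified access log format (epoch seconds, source IP, method, path, Cache-Control value) and illustrative thresholds that would need tuning against a site's normal traffic.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post). Fields: epoch seconds,
# source IP, method, path, request Cache-Control header ("-" if absent).
SAMPLE_LOG = """\
1190200000 10.0.0.5 GET /index.html -
1190200000 10.0.0.5 GET /about.html max-age=0
1190200001 198.51.100.7 GET /index.html no-cache
1190200001 198.51.100.7 GET /index.html no-cache
1190200001 198.51.100.7 GET /index.html no-cache
1190200002 198.51.100.7 GET /index.html no-cache
1190200002 198.51.100.7 GET /index.html no-cache
1190200002 198.51.100.7 GET /index.html no-cache
1190200003 10.0.0.5 POST /login -
1190200003 203.0.113.9 GET /a.jpg -
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+)$")

def parse_log(text):
    """Yield (ts, src, method, path, cache_control) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, method, path, cc = m.groups()
            yield int(ts), src, method, path, cc

def find_get_flooders(text, window=5, max_gets=5, min_nocache_ratio=0.8):
    """Return {src: (gets_in_window, nocache_gets)} for sources issuing more
    than max_gets GETs inside any `window`-second span, where at least
    min_nocache_ratio of those GETs carry Cache-Control: no-cache (forcing
    every request through to the origin instead of being served from cache).
    Thresholds are illustrative assumptions, not values from the post."""
    per_src = defaultdict(list)
    for ts, src, method, _path, cc in parse_log(text):
        if method == "GET":
            per_src[src].append((ts, "no-cache" in cc.lower()))
    flagged = {}
    for src, reqs in per_src.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # slide the window start forward until it spans < window seconds
            while reqs[end][0] - reqs[start][0] >= window:
                start += 1
            win = reqs[start:end + 1]
            nocache = sum(1 for _, nc in win if nc)
            if len(win) > max_gets and nocache / len(win) >= min_nocache_ratio:
                flagged[src] = (len(win), nocache)
                break
    return flagged
```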

The Black Sun bot, the Cyber bot, MPack, IcePack, WebAttacker, the Nuclear Malware Kit and Zunker are all Web based malware platforms and were originally released as such, compared to the Web adaptation of this one.