Threat Advisory

DoS and DDoS Attack Threat Advisory – Drive – Dirt Jumper

Spike DDoS Toolkit [High Risk]

This distributed denial of service (DDoS) toolkit has been used to launch powerful DDoS campaigns. The capability of the Spike DDoS toolkit to infect and control a broader range of devices, including Linux and ARM-based devices, allows DDoS attackers to launch large attacks and to propagate botnets in a post-PC era.

The advisory shares an analysis of the Spike DDoS toolkit to prevent further infestation and raise awareness of this multi-platform, multi-vector DDoS botnet kit. Enterprises need system hardening to prevent initial infection and DDoS protection to stop DDoS attacks from the Spike bots.

The Spike DDoS Toolkit Threat Advisory will help you understand how it works and how to protect your enterprise.

Other Recent Threat Advisories:

  • IptabLes and IptabLex DDoS Bots
    Linux systems are being infiltrated via known vulnerabilities in Apache Struts, Tomcat and Elasticsearch to host IptabLes and IptabLex malware for use in DDoS botnets. The advisory includes ELF binary analysis, DDoS mitigation techniques and a YARA rule.

  • Blackshades RAT
    Blackshades RAT crimeware is used for identity theft and blackmail, allowing malicious actors to spy on users by monitoring video and audio, keylogging, harvesting banking and website access credentials, and controlling the victim machine to hijack files and to launch executables.

  • Zeus Crimeware
    The Zeus toolkit is used in many types of cybercrime, including customized attacks to target Fortune 500 enterprises. Attackers leverage the resources of infected devices and extract sensitive information for identity theft and fraud. The threat advisory includes mitigation details.

  • SNMP Reflector
    Simple Network Management Protocol (SNMP) reflection tools are being used by malicious actors to harness devices such as printers, switches, firewalls and routers for use in DDoS attacks. Network administrators need to take the remediation steps described in this DDoS threat advisory.

  • Storm Network Stress Tester
    The Storm crimeware kit infects Windows XP (and higher) systems for malicious uses and enables file uploads and downloads and the launching of executables, including four DDoS attacks. Remote access lets malicious actors use a PC for malicious activity, such as the infection of other devices.

  • NTP Amplification
    With only a handful of vulnerable NTP servers, the current batch of NTP amplification attack toolkits enables malicious actors to launch 100 Gbps attacks – or larger.

  • Domain Name System (DNS) Flooder
    Malicious actors are purchasing, setting up and using their own DNS servers in reflection attacks, avoiding the need to source vulnerable DNS servers on the Internet. This advisory includes a sample payload, analysis, source code, Snort rule, ACL mitigation and two case studies.

  • Drive, a Dirt Jumper variant
    Finance and e-Commerce firms have been targeted with the Drive DDoS toolkit as a planned distraction by criminals engaging in identity theft and fraud of customer accounts. This threat advisory includes an analysis of payloads, capabilities, and IDS signatures for DDoS detection.

  • Itsoknoproblembro
    This threat advisory includes profiles of 11 different attack signatures, with detailed SNORT rules for DDoS mitigation, detection rules to identify infected web servers (bRobots), and a free log analysis tool (BroLog.py) that can be used to pinpoint which scripts were accessed, by what IP address, and for what DDoS targets.

  • Dirt Jumper Vulnerability Disclosure Report
    The Dirt Jumper family of DDoS Toolkits is considered one of the most popular attack tools on the market today. This vulnerability report exposes key weaknesses in the command and control (C&C) architecture that could neutralize would-be attackers.

  • Pandora
    This Russian-origin toolkit offers five DDoS attack modes and appears to be authored by the same individual responsible for the popular and destructive Dirt Jumper family of tools.

  • HULK (HTTP Unbearable Load King)
    This script takes advantage of common weaknesses with out-of-the-box web server functionality by launching 500 threads, which each spawn an additional 500 threads at the target web server.

  • Booter Shell Scripts
    These sophisticated, easy-to-use DDoS attack scripts make it possible to bring down web servers without vast networks of infected zombie computers.

  • High Orbit Ion Cannon (HOIC)
    This stealth DDoS attack tool targets up to 256 URLs simultaneously and randomizes attack signatures.

  • Dirt Jumper
    Learn about the dangers of the Dirt Jumper DDoS Toolkit for application layer attacks and download Prolexic’s free Dirt Dozer scanning tool to protect your sites.

Want PLXsert to protect you?

PLXsert team helps organizations like yours adopt best practices and make more informed, proactive decisions about cybersecurity threats. PLXsert now offers a subscription service that provides current threat intelligence, infrastructure and defense evaluation, as well as post-attack forensics. To learn more, please contact sales@akamai.com or call +1 (888) 368 2923.
