|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
|
Prolexic Warns Malware No Longer Required to Create Zombies For DDoS AttacksJuly 17, 2007; 06:51 AM Prolexic says the emerging trends indicate there now is a greater challenge for PC owners to protect their systems from being manipulated as zombies and for targeted organizations to detect and mitigate DDoS attacks. Patching and installing the latest anti-virus or anti-malware software will not offer protection. “With both these new trends, powerful DDoS attacks can be run without requiring the attacker to infect a PC with traditional ‘full-stack’ malware,” said Paul Sop, Prolexic CTO. “Looking ahead, we predict attackers will focus on exploiting the API’s of Web 2.0 sites as the easiest way to distribute this new browser malware.” New DDoS Attacks Traditionally, cyber-criminals launched DDoS attacks from groups of malware-infected computers organized as Botnets under the direct control of a remote attacker. More recently, these criminals are subverting popular P2P networks to distribute malware and launch DDoS attacks. In its report, Prolexic notes the Company first observed this trend in April and May of this year while mitigating a wave of several extremely large peer-to-peer attacks with over 200,000 attacking computers. Each computer on its own sent a small amount of data, but at any given moment over 80,000 connections were being opened on the victim. Analysis of the attack showed that the attacking computers were not a normal botnet; they were instead running a popular P2P file-sharing client under instruction by the P2P hub server to also connect to a victim. Prolexic also reports a big increase in malware lite. These attacks require attackers to compromise Web servers and use them to embed malware that is written in JavaScript or flash. The trend indicates to Prolexic that JavaScript is becoming the preferred malware platform, heralding the beginning of a new breed of browser-based attacks. Unlike traditional malware, which infects users using sophisticated heap and buffer overflows, malware lite can be delivered as simple JavaScript just by visiting a Website. The Prolexic report also cites the locations of zombie PCs, with the latest data indicating that China continues to grow as the largest zombie hotbed. The Prolexic Weather Report was first issued in 2005 and is updated every six months. Prolexic’s R&D team compiles the report from company data on DDoS attacks launched over the preceding months. About Prolexic Technologies Prolexic Technologies provides cutting edge solutions that protect Internet operations from the debilitating service disruptions caused by DDoS attacks. Prolexic's patent-pending Clean Pipe Virtual Transport® network offers solutions that keep its clients' Internet-facing infrastructures free of DDoS traffic. Without making major adjustments or multimillion-dollar investments in their existing hardware infrastructures, Prolexic's customers rest assured that their network borders are secure and can thus focus on what is really important: their businesses. For more information visit www.prolexic.com. |
Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved |