Prolexic Warns Malware No Longer Required to Create Zombies For DDoS Attacks

July 17, 2007; 06:51 AM
Attackers now can more easily control PCs without infecting them with sophisticated malware to launch Distributed Denial of Service (DDoS) attacks, announces Prolexic Technologies, the global leader in managed DDoS service protection, in its just released Weather Report. The biannual Prolexic report on the latest trends in DDoS attacks indicates that cyber criminals now can control PCs by using popular Internet servers through Peer-to-Peer (P2P) networks or by using compromised Web servers to embed browser malware or ‘malware lite’ written in JavaScript or flash.

Prolexic says the emerging trends indicate there now is a greater challenge for PC owners to protect their systems from being manipulated as zombies and for targeted organizations to detect and mitigate DDoS attacks. Patching and installing the latest anti-virus or anti-malware software will not offer protection.

“With both these new trends, powerful DDoS attacks can be run without requiring the attacker to infect a PC with traditional ‘full-stack’ malware,” said Paul Sop, Prolexic CTO. “Looking ahead, we predict attackers will focus on exploiting the API’s of Web 2.0 sites as the easiest way to distribute this new browser malware.”

New DDoS Attacks

Traditionally, cyber-criminals launched DDoS attacks from groups of malware-infected computers organized as Botnets under the direct control of a remote attacker. More recently, these criminals are subverting popular P2P networks to distribute malware and launch DDoS attacks.

In its report, Prolexic notes the Company first observed this trend in April and May of this year while mitigating a wave of several extremely large peer-to-peer attacks with over 200,000 attacking computers. Each computer on its own sent a small amount of data, but at any given moment over 80,000 connections were being opened on the victim. Analysis of the attack showed that the attacking computers were not a normal botnet; they were instead running a popular P2P file-sharing client under instruction by the P2P hub server to also connect to a victim.

Prolexic also reports a big increase in malware lite. These attacks require attackers to compromise Web servers and use them to embed malware that is written in JavaScript or flash. The trend indicates to Prolexic that JavaScript is becoming the preferred malware platform, heralding the beginning of a new breed of browser-based attacks. Unlike traditional malware, which infects users using sophisticated heap and buffer overflows, malware lite can be delivered as simple JavaScript just by visiting a Website.

The Prolexic report also cites the locations of zombie PCs, with the latest data indicating that China continues to grow as the largest zombie hotbed.

The Prolexic Weather Report was first issued in 2005 and is updated every six months. Prolexic’s R&D team compiles the report from company data on DDoS attacks launched over the preceding months.

About Prolexic Technologies

Prolexic Technologies provides cutting edge solutions that protect Internet operations from the debilitating service disruptions caused by DDoS attacks. Prolexic's patent-pending Clean Pipe Virtual Transport® network offers solutions that keep its clients' Internet-facing infrastructures free of DDoS traffic. Without making major adjustments or multimillion-dollar investments in their existing hardware infrastructures, Prolexic's customers rest assured that their network borders are secure and can thus focus on what is really important: their businesses. For more information visit www.prolexic.com.