Dirt Jumper DDoS Botnet Variants Continue to Proliferate

Friday, April 13, 2012



Researchers at Arbor Networks have identified so many varieties of the RussKill distributed denial of service (DDoS) botnet that they have collectively dubbed the variants the "Dirt Jumper family".

"Attacks from the Dirt Jumper family of bots continue to target victims all around the world in a robust manner and we will take a look at who is being attacked, although we cannot always determine the motive," writes Arbor Networks' Curt Wilson.

In denial of service attacks, generally a large amount of information is sent to a web server at such high frequency that it overwhelms the processing capacity or causes the system to shut down and reset altogether.

The proliferation of the Dirt Jumper botnets has spawned an underground economy based on DDoS attacks for hire, according to the research.

"While we have collected about 300 malware samples of the Dirt Jumper family, it is likely that other variants are available, as the binaries and back-end PHP for Dirt Jumper has leaked several times. This makes it easy for someone to make slight modifications to the PHP or Delphi binary code and attempt to re-sell the bot, use the bot for their own purposes, or start making money with their own commercial DDoS service," Wilson said.

"Dirt Jumper continues to evolve (version 5 appears to be the newest) and a variety of other associated bots packages have emerged over time to include Simple, September, Khan, Pandora, the Di BoTNet and at least one private version of Dirt Jumper 5 that I am aware of," Wilson continued.

The availability of the code in the wild leads Wilson to believe that new variants will continue to be produced, making the Dirt Jumper family one of the most widely available DDoS botnet strains worldwide.

With the growing availability of DDoS services being marketed directly to businesses, enterprises may increasingly find themselves under attack from competitors seeking to gain an advantage in the increasingly lucrative Internet marketplace.

"Development will continue, and there are increasing trends towards the development of attack techniques that will bypass certain types of anti-DDoS protection measures. The underground economy continues to flourish, and DDoS services are a piece of that rotten pie," Wilson predicts.

Denial of service attacks are generally low-tech, and the majority of web servers are vulnerable to the attack method, which makes the tactic increasingly popular.

Wilson has previously conducted examinations of numerous distributed denial of service tools currently available in the wild.

The offerings range from those designed by gamers to be used for single IP address attacks to knock a rival out of action, to the more serious versions that are being marketed directly to businesses as a method to gain a commercial advantage over competitors.

Wilson noted that there "are numerous motives for DDoS such as revenge, extortion, competitive advantage and protest," but increasingly "many of the commercial DDoS services emphasize competitive advantage with wording devoted to taking down a competitor."
