Turning the tables on miscreants who paralyze websites with torrents of junk data, security researchers have published a detailed manual that shows how to neutralize some of the Internet's most popular denial-of-service tools.
The do-it-yourself how-to provides instructions that even hacking novices can follow to exploit critical vulnerabilities in "Dirt Jumper," a family of tools used to wage the crippling denial-of-service attacks. By targeting SQL injection flaws in the software—which is sold for thousands of dollars in underground forums—counter-attackers can commandeer the master control servers used to distribute commands to large numbers of infected computers, which act as foot soldiers in such attacks. The manual was published on Tuesday by researchers with DDoS mitigation provider Prolexic.
"The authors of this malware overlooked security for critical portions of its toolkits," the Prolexic researchers wrote in the report, which can be downloaded here, after completing the Web form at the right side of the page. "The weakest link within this malware family is the insecure coding practices used in the creation of the C&C panels. They are simple PHP/MySQL scripts that are pieced together to manage the infected bots."
Read 10 remaining paragraphs | Comments
from Ars Technica http://arstechnica.com
