DDoS Attack Tool Spreads Among Criminal Undergroups

The researchers first detected the tool, a newer version of the Russkill bot known as Dirt Jumper, as it was executing DDoS attacks against two Russian Web sites -- a gaming website, and a site used for selling a popular smartphone.

Further research determined that the malware was used in attacks on other sites, including a large corporation’s load balancer and a destructive attack on a Russian electronic trading platform.

“We caught it in the act of doing an attack,” said Curt Wilson, security researcher at Arbor's Security Engineering & Response Team (ASERT), who spearheaded the research.

DDoS attacks occur by inundating a network with more requests than it can handle, consequently choking the system and causing the victim's computers to crash. Botnets can be used by cyber criminals to automate tens of thousands of requests sent to a network with the sole intention of rendering it ineffective.

Meanwhile, Wilson said that the Dirt Jumper tool was actively being sold in criminal underground channels. “Underground forums will sell access to the Dirt Jumper,” he said. ”This is part of the thriving underground economy.”

The tool wasn’t linked to any particular criminal organization, but rather likely used by individuals who had purchased the tool on an underground forum, researchers said. However, Wilson added that while there was no clear attribution to any one group, the motive was intended for criminal commercial purposes.

“Anybody that wanted to take down a competitor’s site, or take down a site or interfere with some electronic trade could purchase access to this botnet and flood whatever they wanted to flood,” Wilson said. “It’s active and being used right now.”

Jose Nazario, Arbor Networks senior manager of security research, said that he’s seen a distinctive rise in the number denial of service attacks in recent years, noting a steady increase of about 50 percent, while the size of the attacks have been doubling every year for several years.

“As far as number of regions of the world in which these attacks are occurring, it used to be mostly in Russia and the Russian sphere,” he said, adding that attacks were also mainly relegated to Easter Bloc nations such as Georgia, Estonia and Ukraine. “Now we’re seeing it more or less all over the world.”

Meanwhile, researchers said the recent uptick of DDoS attacks in recent years that are being for used for political ‘hacktivism,’ extortion and other criminal purposes can be attributed, in part, to the proliferation of DDoS tools such as Dirt Jumper, as well as others.

In recent months, attackers have relied on DDoS attacks to send political messages against MasterCard , PayPal, and the Turkish government website .

“We blame a lot of these attacks on the ease of use of these tools,” Nazario said. “Before you had to write your own tools. Now we’ve seen a dramatic rise in these kits. They’re commercially available and easy to use. It’s lowering the technical barriers, and that of course fuels hacktivism.”