http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/229100144/active-darkness-ddos-botnet-s-tool-now-available-for-free.html

By Kelly Jackson Higgins
Darkreading
Jan 24, 2011

A free version of a fast-growing and relatively efficient DDoS botnet tool has been unleashed in the underground. The so-called Darkness botnet is best known for doing more damage with less -- its creators boasting that it can take down an average-sized site with just 30 bots.

Researchers are keeping a close eye on the botnet, which has been very active over the past few months. In just the past three weeks, for example, Darkness has attacked an average of 1.5 victim sites per day, and about three per day in the fourth quarter of last year, according to data gathered by Jeff Edwards, research analyst with Arbor Networks' Asert team.

"This is definitely one of the more active ones," Edwards says of the DDoS botnet, which appears to originate out of Russia. "It tends to go after targets primarily in Europe, and to a lesser extent, the U.S."

Andre' DiMino, director of Shadowserver, revealed yesterday that an older version of the bot code, version 6m, had become available for free in various underground forums as of late December, and that Shadowserver was already seeing new Darkness botnet command and control servers waging DDoS attacks. "Darkness requires fewer infected systems, which makes it more efficient," DiMino says.

Both DiMino and Edwards consider Darkness a big competitor to the already-established Black Energy botnet. But unlike Black Energy, which has been known to deliver one-two punches of both DDoSing and stealing information from its victims, Darkness -- aka "Optima" and "Votwup" -- thus far appears to be all about its specialty, overwhelming websites with bogus HTTP requests.

[...]
Received on Mon Jan 24 2011 - 22:22:23 PST
This archive was generated by hypermail 2.2.0 : Mon Jan 24 2011 - 22:27:20 PST