Discovery of New DDoS Botnet by Arbor Networks Researchers

A US-based Skunkx botnet with the potential to execute distributed denial of service (DDoS) attacks, while identifying and impeding competing DDoS clients on the host have been unveiled by the researchers at Arbor Networks, as reported by Eweek on March 16, 2011.

This bot supposedly possesses various competencies, ranging from Performing DDoS attacks (HTTP floods, SYN floods, UDP floods, and Slowloris attacks,); Detecting a number of analyst tools (TCPView, Commview, and Wireshark) and platforms (VMWare, QEMU, VirtualPC); Spread over USB, MSN, YahooMessenger; Visit" sites, speedtest, Download and install, update, to Removing arbitrary software, Detecting and stopping DDoSer, Metus, Blackshades, and IRC bots on the box, as reported by Arbor Networks on March 14, 2011. Researchers are also apparent towards the fact that, the bot has the ability to converse with "DDoSer" and can extend as a torrent file. It can also facilitate into sabotaging the logins saved in the SQLite DB by Mozilla.

Commenting on the matter, Jose Nazario, Researcher at the Arbor Networks, stated that, the mystery of the unveiled host named Arbor Security Engineering and Response Team (SERT) is indicative of the fact that, bot creators have been facilitated by the underground hosting as the servers seems to travel back to Ukraine and Malaysia and operate even independently, as reported by Eweek on March 16, 2011.

The SERT researchers have not yet observed the accessibility of the kit openly. At the time of processing, the captured bots were examined by Arbor to find that a handful of user-agents were being utilized by the user-agents and the entire HTTP headers were quite different indicating the ability of networks administrators to selectively detect the botnet's traffic. This capacity would facilitate administrators in shutting down the activity of the botnet by filtering the suitable HTTP headers, as reported by Eweek on March 16, 2011.

Furthermore, taking into account the ability to impede the competing bots, it is apparent that Skunkx's author are making some collaborative effort towards threatening zombies from using other bots for its personal usage.

Moreover, security experts have claimed that though the focus of DDoS is usually more towards being originated from China, this time, assessment reveals that bots are arriving from various parts of the world, majorly from the US. In a study conducted by Arbor networks in February 2011, botnets were held responsible for an evident augment in DDoS attack sophistication and frequency. DDoS attack bandwidth was recorded to have increased by a staggering 102% in 2010, as per the study, reports Arbor Networks on March 14, 2011.

For the time being, Nazario claimed that Arbor is set towards shutting down the attacker's domain name.

Related article: Discovery of More Politically Motivated Spam in the US

» SPAMfighter News - 3/24/2011