Over 20Gbps DDoS attacks have become common occurrences, Prolexic says

17.10.2012

It's not clear if this toolkit is sold on the underground market, but evidence suggests that it is being constantly improved and is used by multiple groups of attackers, Scholly said. Attackers don't need administrative (root) access to a compromised server in order to install the toolkit and launch attacks with it, Scholly said.

"Itsoknoproblembro" allows attackers to react faster to any defenses they might encounter and modify their attack strategy. That's because they can send commands to servers infected with the toolkit almost instantly, while in the case of traditional botnets they have to wait for the bot clients to periodically fetch new instructions from a command and control server.

Clean-up efforts for infections with "itsoknoproblembro" are difficult because of outdated applications and inexperienced server administrators, Prolexic said in its report. The company plans to release a public advisory that will contain fingerprinted signatures for DDoS attack variants supported by the "itsoknoproblembro" toolkit that will help others detect and mitigate such attacks.

Zur Startseite