Popular Dirt Jumper DDoS toolkit riddled with security flaws, research finds


"With this information, it is possible to access the C&C server and stop the attack," Hammack said. "Part of our mission is to clean up the Internet. It is our duty to share this vulnerability with the security community at large."

Importantly, the flaws found by the company affect all versions of the toolkit, which traces its lineage back as far as 2008, including a recent, multi-capable version called 'Pandora'.

Dirt Jumper seems to have overtaken rivals to become one of the most successful DDoS toolkits available on the Russian underground. Nobody knows why this has happened - rivals such as Black Energy and Optima had dominated before its appearance - but it could be down to its features or lively development.

Can attacks be stymied with this new knowledge Prolexic said it had stopped a small but crafted 27 July Pandora DDoS on the website of security journalist Brian Krebs, which represents a start.

In theory the developers could fix the vulnerabilities spotted by Prolexic and come up with a version immune to interception. That remains a danger but because the source code was made available for Dirt Jumper and the number of different versions that exist, doing that for all of its bots built with it would be a major task at least in the short term.

Zur Startseite