DDoSInfo - Information about DDoS and Denial of Service Attacks

Update on the Kelihos botnet

Enurrendy — Mon, 06 Feb 2012 14:21:36 +0000

Reports that the Kelihos botnet is back online and that its original operators are again trying to take over its reigns have been premature, says Microsoft. “Contrary to some reports, Kaspersky …

See more here:
Update on the Kelihos botnet

Smaller DDoS attacks can be deadlier than big ones

Enurrendy — Mon, 06 Feb 2012 12:03:43 +0000

Contrary to conventional thinking that large bandwidth cyber attacks wreak the most damage on enterprises, security experts at Radware instead found that bigger problems usually come in small packages…

View article:
Smaller DDoS attacks can be deadlier than big ones

Kelihos botnet rises up again

Enurrendy — Fri, 03 Feb 2012 14:13:08 +0000

Kelihos – the botnet whose operation was disrupted last September by Microsoft and Kaspersky Lab by shutting down its C&C servers and making its bots contact a sinkhole instead – is back and working. …

Detecting the DNS Changer malware

Enurrendy — Wed, 01 Feb 2012 15:17:56 +0000

January marked half-time for the folks at the DNS Changer Working Group (DCWG) who are now running the DNS servers originally used in the Rove botnet. Ever since a multi-national task force dismantled…

See original article:
Detecting the DNS Changer malware

Botnet suspect denies involvement

Enurrendy — Fri, 27 Jan 2012 18:55:03 +0000

The Russian man accused by Microsoft of being behind the Kelihos botnet attack insists he is “absolutely not guilty”.

Read more here:
Botnet suspect denies involvement

Hacker allegedly leaks 100K Facebook account credentials of Arab users

Enurrendy — Tue, 24 Jan 2012 15:44:41 +0000

The slew of hacks, leaks of credit card information, DDoS attacks and defacements executed by Arab and Israeli hackers that transferred part of the longstanding, real world conflict to the Internet ha…

Microsoft names botnet ‘suspect’

Enurrendy — Tue, 24 Jan 2012 13:04:43 +0000

Microsoft said it suspects a former Russian antivirus company employee is behind an illegal botnet operation.

More here:
Microsoft names botnet ‘suspect’

Kelihos malware author, botnet herder named by Microsoft

Enurrendy — Tue, 24 Jan 2012 11:33:42 +0000

Microsoft has named a new defendant in the ongoing Kelihos case. His name is Andrey N. Sabelnikov, of St. Petersburg, Russian Federation, and is believed to have written the code for and either cr…

Link:
Kelihos malware author, botnet herder named by Microsoft

Tool used in Anonymous Megaupload campaign

Enurrendy — Mon, 23 Jan 2012 10:18:51 +0000

Once again, Anonymous is using the low orbit ion canon (LOIC) to DDoS websites. This tool was developed by white hat hackers to stress test websites. Not surprisingly, the tool they are using is ex…

See the article here:
Tool used in Anonymous Megaupload campaign

Major Denial of Service Vulnerability Affects Most Web Servers

Enurrendy — Wed, 04 Jan 2012 05:07:00 +0000

Security researcher Alexander Klink and Julian Wälde revealed a serious vulnerability that until recently affected the vast majority of web server. The attack only requires a single HTTP request that is specially designed to create hash code collisions in POST form data. When first discovered this attack affected Python, Ruby, PHP, Java, and ASP.NET, but vendors have been working with the researchers to produce patches. Tomcat updates 7.0.23 and 6.0.35 address this issue by limiting the number of POST form fields to 10,000. The change log says that this is configurable, but no details were provided. The patch for ASP.NET was released on December 29. The patch will be automatically applied for Windows Azure customers with the default servicing policy. The patch works by limiting the number of POST form fields in a single request to 1,000, which is well below the number needed for a denial of service attack. This value is configurable using the appSettings key “aspnet:MaxHttpCollectionKeys”. Currently this can only be applied site-wide, but there have been requests for page-specific overrides. A fix was also added for related flaws in the JSON input and deserialization logic. PHP 5.4.0, which is only a release candidate also offers a max_input_vars directive. The release notes do not state what the default value is. So far every vendor we’ve discussed has addressed the issue at the web server level by limiting the number of fields in a single request. Another option is the use of a randomized hash code formula for strings. Ruby is one such language. .NET does this as well, but only for internal builds. Production releases currently have a set formula, but given the severity of this issue that may change the next time the CLR is updated. For Java it is not quite so easy; the JVM specifies the hash code formula for strings, which means developers may be relying on it to be consistent across all versions. An update for Oracle Glassfish is supposedly complete, but not yet available. There is no information of the method used to address the issue. More information about this issue is available on Ars Technica and the Chaos Communication Congress website.

Excerpt from:
Major Denial of Service Vulnerability Affects Most Web Servers