Tag Archives: ddos news

Georbot information stealing Trojan uncovered

ESET revealed its analysis of Georbot, an information stealing Trojan and botnet spreading in the country of Georgia. Earlier this year ESET’s global research team uncovered Win32/Georbot, a botnet…

Competitors blamed for over half of the DDoS attacks in the US

One in three organizations (31%) has suffered one or more Distributed Denial of Service (DDoS) attacks in the last 12 months, according to independent research commissioned by Corero Network Security.

New Zeus/SpyEye makes bots function as C&C servers

The latest build of the Zeus/SpyEye malware shows a change that could very well hamper the security researchers' ability to take down the botnets using it and to find out the criminals behind them. …

Akamai protects enterprises from DDoS and application security attacks

Akamai Technologies introduced Akamai Kona Site Defender, a service designed to protect the brand value of companies by shielding their web sites, applications and associated data in the face of attac…

Cutwail botnet intensifies spam spewing

The old Cutwail botnet is still alive and spamming from its 1.5 million bots, and has lately been spotted using malicious HTML attachments. The spam emails vary from fake forwarded Xerox scans and …

Kelihos malware author, botnet herder named by Microsoft

Microsoft has named a new defendant in the ongoing Kelihos case. His name is Andrey N. Sabelnikov, of St. Petersburg, Russian Federation, and is believed to have written the code for and either cr…

Major Denial of Service Vulnerability Affects Most Web Servers

Security researchers Alexander Klink and Julian Wälde revealed a serious vulnerability that until recently affected the vast majority of web servers. The attack only requires a single HTTP request that is specially designed to create hash code collisions in POST form data. When first discovered, this attack affected Python, Ruby, PHP, Java, and ASP.NET, but vendors have been working with the researchers to produce patches.

Tomcat updates 7.0.23 and 6.0.35 address this issue by limiting the number of POST form fields to 10,000. The change log says that this is configurable, but no details were provided.

The patch for ASP.NET was released on December 29. The patch will be automatically applied for Windows Azure customers with the default servicing policy. The patch works by limiting the number of POST form fields in a single request to 1,000, which is well below the number needed for a denial of service attack. This value is configurable using the appSettings key “aspnet:MaxHttpCollectionKeys”. Currently this can only be applied site-wide, but there have been requests for page-specific overrides. A fix was also added for related flaws in the JSON input and deserialization logic.

PHP 5.4.0, which is only a release candidate, also offers a max_input_vars directive. The release notes do not state what the default value is.

So far every vendor we’ve discussed has addressed the issue at the web server level by limiting the number of fields in a single request. Another option is the use of a randomized hash code formula for strings. Ruby is one language that does this. .NET does this as well, but only for internal builds. Production releases currently have a set formula, but given the severity of this issue that may change the next time the CLR is updated. For Java it is not quite so easy; the JVM specifies the hash code formula for strings, which means developers may be relying on it to be consistent across all versions.

An update for Oracle Glassfish is supposedly complete, but not yet available. There is no information on the method used to address the issue. More information about this issue is available on Ars Technica and the Chaos Communication Congress website.
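
The two mitigations described above, shown side by side in an added Python example (not code from the article or from any of the vendors named): a per-request field cap checked before any key is hashed, and a seeded hash compared with a fixed one. The function names, the 64-bucket table and the use of keyed BLAKE2b as the seeded hash are assumptions made for illustration; the sample keys are constructed.

```python
import hashlib
import os
from itertools import product
from urllib.parse import unquote_plus

MAX_KEYS = 1000  # per-request field limit the page cites for the ASP.NET patch

def parse_form(body, max_keys=MAX_KEYS):
    """Parse a urlencoded POST body; reject it before any key is hashed
    if it carries more fields than max_keys."""
    if not body:
        return {}
    if body.count("&") + 1 > max_keys:  # O(n) scan, no hash table touched
        raise ValueError(f"more than {max_keys} form fields")
    fields = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        fields[unquote_plus(name)] = unquote_plus(value)
    return fields

def fixed_hash(s):
    """Fixed string hash of the kind the JVM specifies: h = 31*h + char."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h

def seeded_hash(s, seed):
    """Keyed hash (BLAKE2b here, an assumption): placement depends on a secret."""
    digest = hashlib.blake2b(s.encode(), key=seed, digest_size=4).digest()
    return int.from_bytes(digest, "big")

def worst_bucket(keys, hash_fn, buckets=64):
    """Size of the fullest bucket, i.e. the longest chain a lookup walks."""
    counts = {}
    for k in keys:
        slot = hash_fn(k) % buckets
        counts[slot] = counts.get(slot, 0) + 1
    return max(counts.values())

# Constructed sample: "Aa" and "BB" share a fixed_hash value, and so do
# all equal-length concatenations of them (8 keys here).
SAMPLE_KEYS = ["".join(p) for p in product(("Aa", "BB"), repeat=3)]
SEED = os.urandom(16)  # per-process secret, never sent to clients

if __name__ == "__main__":
    print("fixed :", worst_bucket(SAMPLE_KEYS, fixed_hash))
    print("seeded:", worst_bucket(SAMPLE_KEYS, lambda k: seeded_hash(k, SEED)))
    print(parse_form("user=alice&note=hello+world"))
```

With the fixed formula every sample key lands in one bucket, while the seeded hash spreads them in a way a client cannot predict; the field cap bounds the damage even when the hash itself cannot be changed.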
