
[ISN] Active 'Darkness' DDoS Botnet's Tool Now Available For Free

From: InfoSec News <alerts_at_nospam>
Date: Tue Jan 25 2011 - 06:22:23 GMT
To: isn@infosecnews.org

http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/229100144/active-darkness-ddos-botnet-s-tool-now-available-for-free.html

By Kelly Jackson Higgins
Darkreading
Jan 24, 2011

A free version of a fast-growing and relatively efficient DDoS botnet
tool has been unleashed in the underground. The so-called Darkness
botnet is best known for doing more damage with less -- its creators
boasting that it can take down an average-sized site with just 30 bots.

Researchers are keeping a close eye on the botnet, which has been very
active over the past few months. In just the past three weeks, for
example, Darkness has attacked an average of 1.5 victim sites per day,
and about three per day in the fourth quarter of last year, according to
data gathered by Jeff Edwards, research analyst with Arbor Networks'
ASERT team. "This is definitely one of the more active ones," Edwards
says of the DDoS botnet, which appears to originate out of Russia. "It
tends to go after targets primarily in Europe, and to a lesser extent,
the U.S."

Andre' DiMino, director of Shadowserver, revealed yesterday that an
older version of the bot code, version 6m, had become available for free
in various underground forums as of late December, and that Shadowserver
was already seeing new Darkness botnet command and control servers
waging DDoS attacks. "Darkness requires fewer infected systems, which
makes it more efficient," DiMino says.

Both DiMino and Edwards consider Darkness a big competitor to the
already-established Black Energy botnet. But unlike Black Energy, which
has been known to deliver one-two punches of both DDoSing and stealing
information from its victims, Darkness -- aka "Optima" and "Votwup" --
thus far appears to be all about its specialty, overwhelming websites
with bogus HTTP requests.

[...]
