
Beware the Pulsing Zombies

DDoS attacks with devilish twist



Virus Bulletin Distributed denial of service attacks, one of the most difficult security risks to guard against, could become even harder to detect with the development of tools that turn agents on and off during an attack.

So called 'pulsing zombies' (which sounds like something from the Night of the Living Dead) will be difficult to detect as they will not be always active, making the isolation and removal of malware from infected machines even harder.

Also, users may not even notice they are subject to such an attack, because it would result in service degradation, not outright failure.
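The detection problem the article describes is that an agent which is quiet most of the time keeps a host's average outbound rate below the kind of threshold a simple rate alarm uses, even though it bursts hard every few seconds. The following added example (not code from the article, from Avet or from the conference presentation) shows a burst-aware check next to a mean-rate check over a constructed per-second packet export. The host addresses, the CSV layout and the thresholds are all assumptions for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: one CSV line per second and per internal host, giving
# outbound packets per second as a hypothetical edge router might export
# them. 10.0.0.7 behaves like a pulsing agent (5 s on, 15 s off);
# 10.0.0.9 is a steady, well-behaved host.
def make_sample(seconds=60):
    lines = []
    for t in range(seconds):
        pulsing = 1500 if t % 20 < 5 else 20
        lines.append(f"{t},10.0.0.7,{pulsing}")
        lines.append(f"{t},10.0.0.9,100")
    return lines

def parse_counts(lines):
    """Turn 'second,host,packets' lines into a per-host list of counts,
    filling seconds with no record as zero."""
    by_host = defaultdict(dict)
    for line in lines:
        ts, host, pkts = line.strip().split(",")
        by_host[host][int(ts)] = int(pkts)
    return {h: [s.get(t, 0) for t in range(max(s) + 1)]
            for h, s in by_host.items()}

def count_bursts(series, threshold):
    """Count contiguous runs of seconds at or above the burst threshold."""
    bursts, inside = 0, False
    for v in series:
        if v >= threshold:
            if not inside:
                bursts += 1
                inside = True
        else:
            inside = False
    return bursts

@dataclass
class Verdict:
    mean_pps: float
    peak_pps: int
    bursts: int
    naive_flag: bool   # would a mean-rate threshold alone have fired?
    flagged: bool      # burst-aware verdict

def assess(series, mean_threshold=500, burst_threshold=1000, min_bursts=2):
    """Compare a mean-rate alarm with a repeated-burst alarm on one host."""
    mean_pps = sum(series) / len(series)
    bursts = count_bursts(series, burst_threshold)
    return Verdict(
        mean_pps=mean_pps,
        peak_pps=max(series),
        bursts=bursts,
        naive_flag=mean_pps >= mean_threshold,
        flagged=bursts >= min_bursts,
    )

if __name__ == "__main__":
    for host, series in parse_counts(make_sample()).items():
        print(host, assess(series))
```

On the constructed data the pulsing host averages 390 packets per second, under the 500 pps mean alarm, yet shows three separate bursts above 1,000 pps in a minute; the steady host triggers neither check. Counting bursts per window rather than averaging rate is what makes the intermittent pattern visible.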

Pulsing Zombies

Alexander Czarnowski, chief executive of Polish security firm Avet, told the Virus Bulletin Conference in Prague today that viruses that drop pulsing zombies on vulnerable boxes can be expected as DDoS tools evolve.

He singled out Doser, a Windows virus that carries a ping flood as its payload, and the Sadmind worm, which affects Unix boxes, as examples of the direction that virus writers are taking. Email-borne worms could be used in DDoS attacks too.

Intrusion detection systems (IDS), and egress filtering (to drop outgoing packets with a false IP address) at the router level can help, but are not a complete solution to the problem. For one thing IDS set-ups can themselves become subject to DDoS attacks via tools such as Stick.
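Egress filtering of the kind mentioned above means the edge router forwards an outbound packet only if its source address belongs to a prefix the site actually owns; anything else is a forged source and is dropped. The following added example (not code from the article or from Avet) models that check over a constructed packet list and renders equivalent Linux iptables rules. The prefixes are RFC 5737 documentation ranges standing in for real allocations, and the interface name is a placeholder.

```python
import ipaddress
from collections import Counter

# Constructed: address blocks this site owns (documentation ranges used
# here as stand-ins for real allocations).
LOCAL_PREFIXES = [ipaddress.ip_network(p)
                  for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed outbound packets as (source, destination) pairs.
SAMPLE_PACKETS = [
    ("192.0.2.10", "203.0.113.1"),      # legitimate: source is ours
    ("198.51.100.5", "203.0.113.1"),    # legitimate: inside the /25
    ("198.51.100.200", "203.0.113.1"),  # outside our /25: forged source
    ("203.0.113.77", "203.0.113.1"),    # foreign source: forged
    ("192.0.2.10", "203.0.113.1"),
]

def is_local_source(src, prefixes=LOCAL_PREFIXES):
    """True if the source address lies inside one of our own prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)

def egress_filter(packets, prefixes=LOCAL_PREFIXES):
    """Split packets into forwarded and dropped, counting drops per source
    so a burst of forged packets from one internal host can raise an alert."""
    forwarded, dropped, drops_by_src = [], [], Counter()
    for src, dst in packets:
        if is_local_source(src, prefixes):
            forwarded.append((src, dst))
        else:
            dropped.append((src, dst))
            drops_by_src[src] += 1
    return forwarded, dropped, drops_by_src

def iptables_rules(prefixes=LOCAL_PREFIXES, lan_if="lan0"):
    """Render the same policy as iptables rules on the router's LAN-facing
    interface (placeholder name): accept our prefixes, log and drop the rest."""
    rules = [f"iptables -A FORWARD -i {lan_if} -s {net} -j ACCEPT"
             for net in prefixes]
    rules.append(f'iptables -A FORWARD -i {lan_if} -j LOG --log-prefix "egress-spoof: "')
    rules.append(f"iptables -A FORWARD -i {lan_if} -j DROP")
    return rules

if __name__ == "__main__":
    fwd, drp, counts = egress_filter(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drp)} by_source={dict(counts)}")
    print("\n".join(iptables_rules()))
```

The per-source drop counter is the useful by-product for the host-detection point the article goes on to make: a single internal address that keeps producing forged-source packets is a strong lead on which box is carrying an agent, even though the filter itself does nothing to stop an agent that uses its real address.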

Czarnowski's presentation re-emphasised the importance of detecting DDoS components on hosts because just a few compromised boxes, carrying agents that bounce attacks off reflector servers to disguise their origin, can have a disproportionately large effect.

The possible emergence of 'pulsing zombies' makes disinfection more important than ever, especially since there's little sign (or hope) of a complete solution to DDoS attacks. ®
