Feeds

Beware the Pulsing Zombies

DDoS attacks with devilish twist

  • alert
  • submit to reddit

Security for virtualized datacentres

Virus Bulletin Distributed denial of service attacks, one of the most difficult security risks to guard against, could become even harder to detect with the development of tools that turn agents on and off during an attack.

So called 'pulsing zombies' (which sounds like something from the Night of the Living Dead) will be difficult to detect as they will not be always active, making the isolation and removal of malware from infected machines even harder.

Also, users may not even notice they are subject to such an attack, because it would result in service degradation, not outright failure.

Pulsing Zombies

Alexander Czarnowski, chief executive of Polish security firm Avet, told the Virus Bulletin Conference in Prague today that viruses that drop pulsing zombies on vulnerable boxes can be expected as DDoS tools evolve.

He singled out Doser, a Windows virus, that carries a ping flood as its payload, and the Sadmind worm, which affects Unix boxes, as examples of the direction that virus writers are taking. Email-borne worms could become used in DDoS attacks too.

Intrusion detection systems (IDS), and egress filtering (to drop outgoing packets with a false IP address) at the router level can help, but are not a complete solution to the problem. For one thing IDS set-ups can themselves become subject to DDoS attacks via tools such as Stick.

Czarnowski's presentation re-emphasised the importance of detecting DDoS components on hosts because just a few compromised boxes, carrying agents that bounce attacks off reflector servers to disguise their origin, can have a disproportionately large effect.

The possible emergence of 'pulsing zombies' make disinfection more important than ever, especially since there's little sign (or hope) of a complete solution to DDoS attacks. ®

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.