Feeds

Beware the Pulsing Zombies

DDoS attacks with devilish twist

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Virus Bulletin Distributed denial of service attacks, one of the most difficult security risks to guard against, could become even harder to detect with the development of tools that turn agents on and off during an attack.

So called 'pulsing zombies' (which sounds like something from the Night of the Living Dead) will be difficult to detect as they will not be always active, making the isolation and removal of malware from infected machines even harder.

Also, users may not even notice they are subject to such an attack, because it would result in service degradation, not outright failure.

Pulsing Zombies

Alexander Czarnowski, chief executive of Polish security firm Avet, told the Virus Bulletin Conference in Prague today that viruses that drop pulsing zombies on vulnerable boxes can be expected as DDoS tools evolve.

He singled out Doser, a Windows virus, that carries a ping flood as its payload, and the Sadmind worm, which affects Unix boxes, as examples of the direction that virus writers are taking. Email-borne worms could become used in DDoS attacks too.

Intrusion detection systems (IDS), and egress filtering (to drop outgoing packets with a false IP address) at the router level can help, but are not a complete solution to the problem. For one thing IDS set-ups can themselves become subject to DDoS attacks via tools such as Stick.

Czarnowski's presentation re-emphasised the importance of detecting DDoS components on hosts because just a few compromised boxes, carrying agents that bounce attacks off reflector servers to disguise their origin, can have a disproportionately large effect.

The possible emergence of 'pulsing zombies' make disinfection more important than ever, especially since there's little sign (or hope) of a complete solution to DDoS attacks. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.