The bot’s name is IP-Killer, also known as MP-DDoser. First documented earlier this year, IP-Killer is purely a DDoS bot, as it cannot capture passwords or deliver spam by the truckload. Active development since its inception in 2011 has turned this specialty code into what Arbor Networks calls a rapidly improving threat, including a revamped and working version of the famed Apache Killer technique.
Early versions of IP-Killer were flawed. However, since December 2011, the tool has been actively developed and the latest version has corrected all of the previous flaws. In fact, on top of the Slowloris-style of DDoS and generic flooding abilities, Arbor says that the most recent version of IP-Killer supports an ApacheKiller-style of attack.
ApacheKiller, Arbor explains in a blog post, “is a relatively new (and sophisticated) low-bandwidth technique for inflicting denial-of-service attacks against Apache web servers.”
The first time it appeared in public, ApacheKiller was nothing more than a broken Perl script. Towards the end of 2011, a version of it was incorporated into the Armageddon DDoS bot, but that code was severely flawed. It would seem though, that IP-Killer’s development team sought to fix this.
“Now, we are seeing it show up in MP-DDoser – and a review of the bot’s assembly code indicates that it does indeed appear to be a fully functional, working implementation of the Apache Killer attack,” Arbor’s Jeff Edwards wrote.
“The core of the attack involves the sending of a very long Range HTTP header that is intended to bring web servers (especially Apache) to their knees by forcing them to do a great deal of server-side work in response to a comparatively small request. It is therefore one of the more effective low-bandwidth, ‘asymmetrical’ HTTP attacks at the moment.”
These developments, as well as the streamlined crypto being used by the bot’s code, make IP-Killer something to watch in the coming months, as it is still under active development.
Arbor’s complete report and research on the bot can be viewed here.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Chrome 110 Patches 15 Vulnerabilities
- Application Security Protection for the Masses
- Tor Network Under DDoS Pressure for 7 Months
- Siemens License Manager Vulnerabilities Allow ICS Hacking
- UN Experts: North Korean Hackers Stole Record Virtual Assets
- Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang
- A Deep Dive Into the Growing GootLoader Threat
- CISA Releases Open Source Recovery Tool for ESXiArgs Ransomware
