New DoS attack uses Web servers as zombies

New DoS attack uses Web servers as zombies
New DoS attack uses Web servers as zombies 

By Elinor Mills
InSecurity Complex
CNet News
May 12, 2010

Researchers have uncovered a botnet that uses compromised Web servers 
instead of the usual personal computers to launch denial-of-service 
(DoS) attacks.

Security firm Imperva said on Wednesday it uncovered a botnet of about 
300 Web servers after one of its "honeypot" servers was used in an 
attack and based on a search of attack code via Google. Web servers were 
commonly used in such attacks a decade ago but had been replaced by the 
more ubiquitous Windows-based PCs, said Amachai Shulman, chief 
technology officer at Imperva.

In the DoS attack Imperva observed, two Web servers were targeting an 
unnamed hosting provider based in The Netherlands, he said. The hosting 
provider was aware of the situation, Shulman said.

It appeared that the Web servers were being compromised with code that 
exploits a vulnerability in PHP, a computer language used for processing 
Web pages, and it can affect servers running Apache, Microsoft Internet 
Information Services (IIS), or other server software, he said.

The attack employs a simple user interface that allows someone to 
specify the victim's IP address and port as well as the how long the 
attack should last. The information is submitted on a form that includes 
a message in Indonesian that says "don't use it on your friends," 
according to a screenshot provided by Shulman.


Best Selling Security Books and More!
Shop InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods