By Elinor Mills
May 12, 2010
Researchers have uncovered a botnet that uses compromised Web servers
instead of the usual personal computers to launch denial-of-service

Security firm Imperva said on Wednesday it uncovered a botnet of about
300 Web servers after one of its "honeypot" servers was used in an
attack and based on a search of attack code via Google. Web servers were
commonly used in such attacks a decade ago but had been replaced by the
more ubiquitous Windows-based PCs, said Amichai Shulman, chief
technology officer at Imperva.

In the DoS attack Imperva observed, two Web servers were targeting an
unnamed hosting provider based in The Netherlands, he said. The hosting
provider was aware of the situation, Shulman said.

It appeared that the Web servers were being compromised with code that
exploits a vulnerability in PHP, a computer language used for processing
Web pages, and it can affect servers running Apache, Microsoft Internet
Information Services (IIS), or other server software, he said.

The attack employs a simple user interface that allows someone to
specify the victim's IP address and port as well as how long the
attack should last. The information is submitted on a form that includes
a message in Indonesian that says "don't use it on your friends,"
according to a screenshot provided by Shulman.