Malware evolving to defeat anti-DDoS services like CloudFlare?
(Publication) Google search: [1]
| Malware evolving to defeat anti-DDoS services like CloudFlare? | |
|---|---|
| Botnet | OutFlare |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-02-13 |
| Editor/Conference | ESET |
| Link | http://www.welivesecurity.com/2013/02/13/malware-evolving-to-defeat-anti-ddos-services-like-cloudflare/ (Archive copy) |
| Author | Alexis Dorais-Joncas |
| Type | Blogpost |
Abstract
“ Could distributed denial of service (DDoS) malware be evolving to defeat anti-DDoS security measures like Cloudflare? We do not usually see a lot of innovative denial-of-service malware in our day-to-day work. What we do see usually boils down to the basic flooding techniques: TCP Syn, UDP and ping floods, and sometimes HTTP-oriented floods.
Of course, many products and services are available to webmasters who want to defend against such DDoS attacks. Cloudflare is one of them. When we analyzed a new piece of malicious software that looked suspiciously like yet another DoS tool, we did not expect to find anything particularly interesting. However, it turns out that the malware dubbed Win32/DoS.OutFlare.A implements a technique we have not seen before: a routine intended specifically to defeat the very popular CloudFlare anti-DoS service.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1303,
editor = {ESET},
author = {Alexis Dorais-Joncas},
title = {Malware evolving to defeat anti-DDoS services like CloudFlare?},
date = {13},
month = Feb,
year = {2013},
howpublished = {\url{http://www.welivesecurity.com/2013/02/13/malware-evolving-to-defeat-anti-ddos-services-like-cloudflare/}},
}