Spread of Darkness...Details on the public release of the Darkness DDoS bot
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Spread of Darkness...Details on the public release of the Darkness DDoS bot | |
|---|---|
| |
| Botnet | Darkness |
| Malware | Darkness (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2011 / 23 janvier 2011 |
| Editor/Conference | Shadowserver Foundation |
| Link | http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110123 (Archive copy) |
| Author | André M. DiMino, Mila Parkour |
| Type | |
Abstract
“ Recently, we wrote about the "Darkness" (also known as Optima or Votwup) DDoS bot that is gaining in popularity.
The features of "Darkness" described in that post applied to the latest version 7g of the bot. However, on December 26, 2010, version 6m was made freely and publicly available from many forums. According to the instructions for the released v6m, it is quite easy to modify the client executable to point to a new command and control server. The open release of this bot, along with the ease of customization is a development that warrants further analysis and increased awareness. We have already seen several new "Darkness" Command and Control servers come online, actively directing DDoS attacks.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR840,
editor = {Shadowserver Foundation},
author = {André M. DiMino, Mila Parkour},
title = {Spread of Darkness...Details on the public release of the Darkness DDoS bot},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2011},
howpublished = {\url{http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110123}},
}