New generation of DDoS attack turns servers into bots

Imperva's Application Defence Centre (ADC) has uncovered what it is calling "a new generation of distributed denial-of-service (DDoS) attack that appears to be more powerful, more efficient and less detectable".

Amichai Shulman, CTO of Imperva, who discovered this new attack, says that it has infected hundreds of web servers. Also, unlike traditional DDoS methods that capitalise on bot-infected PCs, the attackers have turned the web servers themselves into payload-throwing bots, he adds.

Essentially, rather than use the server as a means of distributing the DoS malware to PCs, the attackers infect the servers themselves with a malicious DoS application, explains Shulman. "Then, using a simple software program with a dashboard and control panel, the hackers configure the IP, port and duration of an attack. They simply insert the URL they wish to attack, click and go," he says.

Imperva says it has acquired the source code of this application and has screenshots that show it consists of just 90 lines of PHP code.

Shulman warns that, although servers are typically harder to compromise than PCs, by capitalising on their greater horsepower, the hackers create a much more efficient and powerful DDoS tool using servers as the attack platform. "The volume of the attack is more easily multiplied by the number of exploited web servers as well. By using web servers, the attackers are even less detectable. Trace backs typically lead to a lone server at a random hosting company," he says.