DDoS Attack Threats | Zeus Crimeware Kit Threat Advisory | Akamai Doc

Published on July 2016 | Categories: Types, Presentations | Downloads: 104 | Comments: 0 | Views: 207
of 2
Download PDF   Embed   Report

Malicious actors using the Zeus Crimeware gain control over and access to information on infected host computers, including smartphones and tablets. For example, the attacker can request a screenshot of all displayed content on a host device, which could reveal sensitive information. In addition, the attacker can force the host to download and run remote and local files, or inject code to change the display of a webpage displayed by the host’s browser. Find out more about this DDoS threat in the full Akamai Zeus Crimeware Kit Threat Advisory, available at Zeus threat http://bit.ly/1nyT8CX.



Storm Network Stress Tester: Emerging Cybersecurity Threat
Selected excerpts

The Security Engineering and Research Team (PLXsert) at Prolexic (now part of Akamai) recently
published a Distributed Denial of Service (DDoS) threat advisory about a serious cyber security
threat: Storm Network Stress Tester. The Storm Network Stress Tester DDoS threat advisory
describes the cyber-attack, shares attack signatures and payload for attack mitigation, and explains
indicators of infection by the kit.

Easy-to-use DDoS tools have allow malicious actors to readily set up and control botnets. When
coupled with high infection rates, attackers are able to launch major DDoS attacks against their
target. Storm Network Stress Tester, a crimeware toolkit recently analyzed by PLXSert, illustrates
this evolving security threat.

Storm targets Windows XP (or higher) operating systems, infecting computers with malicious
software that turns them into attacker-controlled, obedient zombies. Once infected, malicious
actors can manipulate the computers they control remotely, allowing an almost unlimited variety
of abuse. Storm’s particular specialty is DDoS – up to four DDoS attack types are supported. A
single infected computer, with a single computer running a single attack type, can produce up to
12 Mbps of DDoS traffic.

What makes Storm so dangerous?

Once installed on a victim Windows machine, Storm exposes remote administration (RAT)
capabilities, enabling malicious actors to remotely upload and download files, traverse directories,
and execute programs – including downloading and running the four different DDoS attack
vectors included in Storm. However, beyond simply enabling devastating DDoS attacks, these
abilities can be used to force the infected zombie computer to perform almost any task, providing
criminals with an all-purpose crimeware platform. Sensitive data can be extracted, other
crimeware tools can be downloaded and run, and other computers can be infected.

Storm Network Stress Tester has a specific demographic target. China has a reputation for high
rates of pirated software, and 60 percent of all desktop operating systems in the country still run
Windows XP, making it the dominant operating system in China. Multiple references to China in
the source code and file names, combined with the apparent targeting of pre-Vista operating
systems, leads PLXsert to believe that Storm is targeting this massive pool of vulnerable Chinese
computers for infection. PLXSert has concluded that there is a significant risk of this kit being
used by malicious actors to launch extremely large, orchestrated botnet attacks against
organizations worldwide.


What a Storm attack looks like

Shown below in Figure 1 is a diagram showing the basic architecture of a Storm Stress Tester v3.5
tool attack, illustrating the relationship between the Command & Control server and the botnet
under its control.

Figure 1: The architecture of a Storm Stress Tester v3.5 tool attack
Get the full Storm DDoS threat advisory (www.prolexic.com/storm) for a full analysis and
mitigation techniques

In the threat advisory, PLXsert provides its cybersecurity analysis of the Storm kit:
Indicators of this crimeware kit
Dropper payload generation and infection
Fortification methods
Command structure
DDoS attack types, payloads and attack signatures
About Akamai
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online
content and business applications. At the core of the Company’s solutions is the Akamai Intelligent
Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and
expertise. Akamai removes the complexities of connecting the increasingly mobile world,
supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To
learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world,
please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Sponsor Documents

Or use your account on DocShare.tips


Forgot your password?

Or register your new account on DocShare.tips


Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in