Thread: Secret footsoldier targeting banks reveals meaner, leaner face of DDoS

  1. #1
    xelosia is offline


    Secret footsoldier targeting banks reveals meaner, leaner face of DDoS



    Screenshots showing the denial-of-service PHP script before and after it has been decoded.

    Over the past two weeks, a new wave of Web attacks has battered major US banks, causing disruptions for many of their online services. Now, an Israel-based security firm has uncovered one of the secret footsoldiers behind the mass assault: a compromised website that was rigged to unleash a torrent of junk traffic on three of the world's biggest financial institutions.
    The discovery by Web application security firm Incapsula helps explain the strategy behind the four-month-old campaign, which has been carried out under the flag of a group calling itself Izz ad-Din al-Qassam—rather than compromise and recruit thousands or tens of thousands of end-user PCs to carry out the distributed denial-of-service attacks, why not target a handful of Web servers that have orders of magnitude more bandwidth and processing power?
    Over the weekend, Incapsula researchers noticed a general-interest website located in the UK that was exhibiting suspicious behavior. They quickly discovered a backdoor that had been planted on it that was programmed to receive instructions from remote attackers. An analysis showed the website, which had just recently contracted with Incapsula, was being directed to send a flood of HTTP and UDP packets to major banks including PNC Financial Services, HSBC, and Fifth Third Bank.
    "Since the commands were blocked by our service the attack was mitigated even before it started, so we can't be absolutely sure about the scope of damage this attack would cause," Incapsula Security Analyst Ronen Atias wrote in a blog post published Tuesday. "Still, it is safe to assume that it would be enough to seriously harm an average medium-sized website."
    The blog post came the same day that purported Izz ad-Din al-Qassam members posted a new message that warned the attacks would continue until the removal of a YouTube video the group says is offensive to Muslims. In recent days, banks including BB&T, Fifth Third Bank, Ally Financial Corp., and PNC have all reportedly confirmed site on online banking access issues. The unidentified site discovered by Incapsula was most likely compromised as a result of weak security. The administration password was simply "admin."
    The backdoor was programmed to accept attack code remotely sent by the attackers. The PHP scripts contained detailed instructions, which among other things included precisely timed directions intended to order attacks to be stopped and then renewed just as the target website was starting to recover. The scripts were programmed to open a new instance of themselves each time they were executed, causing the torrents to grow exponentially larger over time. Because the compromised Web server was located in a shared hosting environment, there was enough bandwidth and processing power available to accommodate the ever-growing demands.
    Incapsula's blog post may help to explain observations aired three months ago that crippling attacks on the websites of Bank of America, Wells Fargo and at least three other large banks were executed by hundreds of compromised servers. The extra horsepower of the machines created peak floods exceeding 60 gigabits per second, a volume big enough to knock even large sites offline unless they take special action to block the attacks.
    Ronen told Ars the attack code he observed was separate from a relatively new attack tool known as "itsoknoproblembro," which was deployed on many of the compromised servers discovered three months ago. Still, the ability of the new code to work in shifts and to gradually multiply itself appeared to make the recently discovered attack highly effective. Adding to the success, attackers need little more than a laptop and a decent command of PHP and hacking techniques to ply their trade. The considerable amount of electricity, bandwidth, and equipment required were all supplied by unwitting accomplices.
    Indeed, the command and control server used to funnel commands to the compromised Web server was itself a Turkish website, which Incapsula's Atias also believes was compromised.
    "This is just another demonstration of how security in the internet is always determined by the weakest link," he wrote. "Simply neglecting to manage [an] administrative password in a small site in the UK can be very quickly exploited by botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility."

    Secret footsoldier targeting banks reveals meaner, leaner face of DDoS | Ars Technica

  2. #2
    Adham is offline


    Re: Secret footsoldier targeting banks reveals meaner, leaner face of DDoS

    they taking 1cent from every account again :P
