    Arbor Networks Researchers Find U.S.-Based DDoS Botnet

    Written by

    Fahmida Y. Rashid
    Published March 16, 2011

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A distributed denial-of-service botnet has been found in the United States, but not much information is available about it.

      Lately, every active botnet used in DDoS attacks seems to originate from China, but there appears to be at least one from the United States, said Jose Nazario of Arbor Networks’ Security Engineering and Response Team (SERT). However, other than its origin, Arbor researchers have learned precious little about the botnet they’ve taken to calling “Skunkx.”

      Arbor’s team has yet to see the bot’s attacks in the wild, so its favored victim profiles are still unknown, said Nazario. The researchers do not know the botnet’s size, and have not seen the source code or the control panel, he said.

      The Arbor researchers have learned how Skunkx propagates, what attack capabilities it has and how it defends itself. The botnet can perform DDoS attacks using UDP, SYN and HTTP floods as well as Slowloris, Nazario said.

      The bot has several infection vectors, including USB devices, Microsoft’s MSN service, Yahoo’s Messenger instant messaging service and torrent files. Once a system has been infected, the bot downloads and installs itself onto the computer. It updates itself with the latest instructions from a remote command-and-control server and scans the host computer to detect what applications are installed. It also randomly removes arbitrary programs, Nazario said.

      The bot can detect whether tools such as Commview, TCPView and Wireshark are installed on the system. These tools allow the user to examine and analyze packets and network traffic. Skunkx also detects virtualization platforms such as QEMU for Linux, VMware for Windows and VirtualPC for Mac OS X. It can also steal log-in credentials that Mozilla applications store in a SQLite database, according to Nazario.

      Skunkx can detect and identify competing DDoS tools already resident on the host system, including DDoSeR, the Blackshades Remote Administration Tool (RAT) and any MeTuS or IRC bots that may be running on the box, Nazario said. DDoSeR is a botnet client that provides a front-end interface for launching DDoS attacks using multi-socket UDP floods. MeTuS bots are easily created using host booster kits available online and are also involved in DDoS attacks; they have some encryption capabilities as well. Blackshades lets remote attackers view the desktop or use the Webcam on the host machine. If Skunkx finds any of these running, it stops them, Nazario said.

      Skunkx can “speak DDoSeR,” Nazario said, as the bot can communicate with the popular client.

      Based on its ability to stop competing bots, it’s clear that Skunkx’s author put in some effort to subvert zombies from other bots for its own use.

      The hostnames Arbor SERT uncovered indicate the bot creator is someone “familiar” with underground hosting, as the servers appear to trace back to Ukraine and Malaysia, and is working alone, Nazario said. The SERT researchers have not yet seen the kit openly available.

      Arbor is working with the registrar to shut down the attacker’s domain name, Nazario said.

      Arbor inspected the captured bots and found that they were using a handful of user-agents and all the HTTP headers were distinctive, meaning network administrators would be able to selectively detect this botnet’s traffic, Nazario said. This would allow administrators to shut down the botnet’s activity by filtering out the appropriate HTTP headers.
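The header-based filtering Nazario describes can be implemented as a small signature check over captured HTTP requests. The following is an added illustration and is not Arbor's code or any published Skunkx indicator: the article does not print the botnet's actual user-agents or headers, so the `BOT_USER_AGENTS` set, the header-presence rule and the sample requests below are constructed placeholders that an administrator would replace with indicators from their own captures. The example also adds a per-source volume check, which the article does not mention, to show how signature hits and flood volume combine into one block list.

```python
"""Flag bot HTTP traffic by User-Agent signature, missing browser headers and
per-source request volume. Added example; all indicators are CONSTRUCTED."""
from collections import Counter

# Constructed placeholder user-agents (hypothetical, NOT real Skunkx strings).
BOT_USER_AGENTS = {
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SKX)",
    "Mozilla/5.0 (Windows NT 5.1) SkunkClient/1.0",
}
# Real browsers of the era reliably sent these; bare HTTP flooders often omit them.
EXPECTED_BROWSER_HEADERS = ("accept", "accept-language")


def classify(req):
    """Return a reason string if the request matches a bot signature, else None.
    req is {"src": str, "path": str, "headers": {name: value}} (constructed shape)."""
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if headers.get("user-agent", "") in BOT_USER_AGENTS:
        return "known-bot-user-agent"
    missing = [h for h in EXPECTED_BROWSER_HEADERS if h not in headers]
    if missing:
        return "missing-headers:" + ",".join(missing)
    return None


def analyze(requests, flood_threshold=20):
    """Tally signature hits and per-source volume over one capture window.
    Returns (Counter of reasons, set of source IPs to block or notify)."""
    reasons = Counter()
    per_src = Counter()
    flagged = set()
    for req in requests:
        per_src[req["src"]] += 1
        reason = classify(req)
        if reason:
            reasons[reason] += 1
            flagged.add(req["src"])
    # Any source exceeding the threshold in the window is treated as flood traffic.
    for src, count in per_src.items():
        if count >= flood_threshold:
            reasons["flood-volume"] += 1
            flagged.add(src)
    return reasons, flagged


def make_requests(src, ua, n=1, full_headers=True):
    """Build n constructed requests from one source (documentation IPs only)."""
    headers = {"Host": "www.example.com", "User-Agent": ua}
    if full_headers:
        headers["Accept"] = "text/html,*/*"
        headers["Accept-Language"] = "en-US"
    return [{"src": src, "path": "/", "headers": dict(headers)} for _ in range(n)]


BROWSER_UA = "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"

# Constructed capture: one real visitor, three bot-UA hits, two header-less
# hits and one source sending 25 otherwise normal-looking requests.
SAMPLE_REQUESTS = (
    make_requests("203.0.113.10", BROWSER_UA)
    + make_requests("198.51.100.5", "Mozilla/5.0 (Windows NT 5.1) SkunkClient/1.0", n=3)
    + make_requests("198.51.100.6", BROWSER_UA, n=2, full_headers=False)
    + make_requests("198.51.100.7", BROWSER_UA, n=25)
)

if __name__ == "__main__":
    reasons, flagged = analyze(SAMPLE_REQUESTS)
    for reason, count in reasons.items():
        print(f"{reason}: {count}")
    print("sources to block:", sorted(flagged))
```

The sets of signatures, the expected-header rule and the flood threshold are deliberately separate so each can be tuned independently; in practice the user-agent list would be fed from captured bot traffic, as Arbor did with its samples, and the volume threshold set from a baseline of normal per-client request rates.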

      The SERT team has also been “sinkholing” or redirecting IP traffic for the botnet, with hundreds of bots checking in from around the world, according to Nazario. Most of them were in the United States, clustered mainly on the East Coast and the area east of the Mississippi River, Nazario said.

      Arbor is working with individual Internet service providers to identify and clean up infected systems, he said.
