Booter shell scripts turn DDoS attacks into child’s play, warns Prolexic

DDoS protection service provider Prolexic Technologies has, today, released a threat advisory on the use of booter shells, which allow hackers to launch distributed denial of service (DDoS) attacks without the need for vast networks of infected zombie computers.

The increased use of dynamic web content technologies and the rapid deployment of insecure web applications has created new vulnerabilities - and opportunities for hackers to use infected web servers (instead of client machines) to conduct DDoS attacks, warns Prolexic.

Traditional DDoS attacks make use of workstations infected with malware, typically infected through spam campaigns, worms or browser-based exploits. With these traditional tactics, hackers required multitudes of infected machines to mount successful DDoS attacks.

DDoS booter scripts, however, are simple standalone files that execute GET/POST floods when accessed via HTTP. With booter shells, DDoS attacks can be launched more readily and can cause more damage, with fewer machines. Web servers typically have 1000+ times the capacity of a workstation, providing hackers with a much higher yield of malicious traffic with the addition of each infected web server.

Furthermore, the skill level required to take over a web server and convert it into a DDoS zombie has been significantly reduced. Prolexic warns that a DDoS booter shell script can be easily deployed by anyone who purchases hosted server resources or makes use of simple web application vulnerabilities such as RFI, LFI, SQLi and WebDAV exploits; and booter shell scripts, tools and lists of infected hosts are freely available in the hacker underground, or can be available for a nominal fee.

“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Neal Quinn, Chief Operating Officer at Prolexic. “For hackers, DDoS attacks have never been easier to launch; while for their victims, the power and complexity of attacks is at an all-time high.”

To prevent infection, Prolexic recommends continuous testing of proprietary web applications, as well as repeated testing of known vulnerabilities in commercial applications, either in-house or through a third-party service.

Further details about the booter shell threat are available at www.prolexic.com/threatadvisories.