Arbor Networks finds ‘Drive,’ the Newest ‘DirtJumper’ Malware Variant

Researchers at Arbor Networks state that since several years past, cyber-criminals have been making changes so as to improve an infamous malware family the DirtJumper and now introducing its latest variant known as "Drive" that harbors certain intriguing features.

Drive, which's written with the programming language Delphi, exudes one DDoS (distributed denial-of-service) engine whose power is much greater compared with its previous versions.

Alongside this feature, some C&C (command-and-control) servers too have been identified which the researchers state cater to G-zipped data. One-or-more server from the total discovered understandably impairs connection depending upon its territorial location.

According to Security Researcher Jason Jones of Arbor Networks, Drive contains dual POST floods, one lone GET flood, one UDP flood, and two connections plus a number of data floods. However, not all instances reflect the UDP flood. Drive as well specifies random data in a string post an enquiry so the server within incidences pertaining to search pages, login pages, etc as the targets gets extra stress, Jones explains. Ddos.arbornetworks.com published this dated June 22, 2013.

Moreover, there's further one fresh data-line encryption algorithm within the freshly created DDoS engine which resembles Khan another known algorithm.

And whilst Drive has not yet been observed proliferating, via any illegal website, the forthcoming version maybe designed to spread. Presently, assaults executed through the toolkit established link to fifteen distinct C&C systems, which over long have struck 60 targets.

During the past years, DirtJumper appeared as chiefly launching politically-oriented assaults. During 2011, security experts found it executing DDoS assaults against technology and gaming websites hosted in Russia following which it struck the country's media sites prior to its presidential election last year (2012).

Drive most accurately is superior to DirtJumper in sophistication, as it has countered its drawbacks, which researchers earlier discovered within the original variant. In 2012, Prolexic's researchers found one technique to prevent assaults by DirtJumper via the identification of its C&C servers as also modifying its back-end cache of data.

And just when it was thought that DirtJumper's peak activity had finished, one newer, increasingly advanced edition like Drive could well trigger off the toolkit's wide acceptance, Arbor concluded.

» SPAMfighter News - 6/26/2013