Thursday, September 13, 2007

SecureWorks: Analysis of Storm Worm DDoS Traffic

Via The SecureWorks Blog.

The Peacomm (Storm Worm) botnet is known to launch DDoS attacks against networks which appear to be investigating the botnet — the cyber equivalent of explosive reactive armor. It is still unclear whether the decisions to launch an attack are made by the botnet, a human operator, or both. In exploring this, SecureWorks was able to compile and analyze information regarding timing and types of traffic that may help victims of these distributed denial-of-service attacks mitigate the impact.

If triggering an attack is a decision made by the botnet, that logic would be on the C&C (command-and-control) servers. Researchers have found no code in the Trojan client-side executable for triggering a DDoS attack.

The attacks do show signs of being automated. Certain actions reliably trigger attacks.

More here.
