January 9, 2012 By Dancho Danchev

A peek inside the Cythosia v2 DDoS Bot

by Dancho Danchev

With DDoS extortion and DDoS for hire attacks proliferating, next to the ever decreasing price for renting a botnet, it shouldn’t come as a surprise that cybercriminals are constantly experimenting with new DDoS tools.

In this post, I’ll profile a newly released DDoS bot, namely v2 of the Cythosia DDoS bot.

The Cythosia DDoS bot is available for a free download at selected cybercrime-friendly online communities.

Some of its core features include:

# Runs on Win2k – Win7 / x86 and x64

~ Limited/Guest/Administrator Acconts

# Various Autostart Names and Entries

Main Functions:

+ Download & Execute
+ Update

Distributed Denial of Service Functions

+ Syn
~ 20 Bots can kill little Sites
~ Customizeable Port & Strength(Http, Sql, Gameserver)
+ UDP
~ Perform attacks on homeconnections
~ Highly customizeable
+ HTTP
~ Multithreaded GET Requests – Generates Traffic as hell
~ Keeps GET Requests open

Socks5 Proxy

+ Opens Port with UPnP if router supports it
+ Redirects all TCP requests multithreaded -> very good speed
+ Configureable Username and Password

Control Panel

+ Nice looking Ajax Panel
+ Hardcoded Password -> secure
+ Taskmanagement System
+ Export Online SOCKS5 LIST

The DDoS bot supports SYN flooding, UDP flooding and HTTP flooding, and is highly customizable.

What’s particularly interesting is its support for Socks5 Proxies. These very same proxies will eventually be converted into anonymity services allowing cybercriminals the opportunity to mask their online activities. Thanks to such DIY DDoS bots such as  Cythosia, the price for anonymizing a cybercriminal’s activities is constantly decreasing, and so is the price for launching a commissioned DDoS attack.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button
0 comments

Trackbacks

  1. […] A peek inside the Cythosia v2 DDoS Bot […]

  2. […] A peek inside the Cythosia v2 DDoS Bot – The 10th most popular for 2012, offered a detailed overview of yet another released DIY DDoS bot, the Cythosia v2 DDoS bot. It’s a logical progression of the “A peek inside” series. Continue going through related analysis of malware bots/loaders profiled in 2012, such as, uBot, Umbra malware loader, the PickPocket Botnet, the Smoke Malware Loader, the Elite Malware Loader, and the Ann Malware Loader. […]

true