Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem.

These maturing business models require constant innovation on behalf of the cybercriminals providing the easy to use and manage DIY DDoS bots, the foundation of these business models. What are some of the latest developments in this field? Are the malware coders behind these releases actually innovating, or are they basically re-branding old malware bots and reintroducing them on the market? Let’s find out.

In this post, I’ll profile a recently released DIY DDoS bot, which according to its author is a modification of the Dirt Jumper DDoS bot.

More details:

Sample screenshot of the command and control interface of the Russian DIY DDoS Bot:

The bot supports SYN flooding, HTTP flooding, POST flooding and the special Anti-DDoS protection type of flooding. It has also built-in anti-antivirus features allowing it avoid detection by popular host-based firewalls, next to a feature allowing it do detect and remove competing malware bots from the system, preserving its current state for the users of the bot. Moreover, according to its author, it will not work under a virtual machine preventing potential analysis of the malicious binaries conducted by a malware researcher.

Another interesting feature is the randomization of the HTTP requests using multiple user-agents in an attempt to trick anti-DDoS protection on the affected hosts. Apparently, the coder behind this malware bot, claims to have the source code of the Dirt Jumper DDoS kit, which we cannot verify for the time being given the fact that the source code for this bot isn’t currently circulating in the wild, and that there are zero advertisements within the cybercrime ecosystem offering to sell access to it.

Related posts:

We’ll continue monitoring the development of this DIY DDoS bot.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This