Experts warn of new Dirt Jumper botnet that crippled Krebs site

The baddies behind the Dirt Jumper malware have unleashed a new threat called Pandora and even cybersecurity experts like Brian Krebs aren’t immune to variations of the nasty botnet, a U.S. security firm is warning.

But the good news is that both of the distributed denial of service(DDoS) threats – Dirt Jumper andPandora – can be stopped or mitigatedby targeting weaknesses in the Dirt Jumper code, says ProlexicTechnologies Inc. And the company based in Hollywood, Fl. has releasedsome free tools to spot and deal with both Dirt Jumper and Pandora.

A form of the Dirt Jumper botnetcrippled the site of cybersecurity blogger Brian Krebs (above centre)for a few days in late July. 

DDoS attacks bring Web sites down by flooding them with uselesstraffic. Prolexic says Dirt Jumper, one of the most popular malwareattack tools used today, was authored by someone who uses thehandle‘sokol’ online. That individual sold various versions of DirtJumper privately, which were then leaked to the public. Right now thesource code to build the Dirt Jumper botnet can be bought online for$5,000, Prolexic says, with several authors using it to make spin-offvariations of the threat such as Max Flood, Pandora, HTTP Min, HTTPCombo and Socket Connect.

Cybersecurity blogger Krebs became the latest, and perhapsmostwell known, victim of the Max Flood variant of Dirt Jumper when his Website was felled by it for a few days starting on July 27. In a blog about the incident, Krebsdescribed how Prolexic helped him get his site up and running again byexposing a weakness in the Max Flood/Pandora/Dirt Jumper code. Prolexichas made the same Dirt Jumper scan and fix program available for freehere.

Krebs also warned in his blog that DDoS threats are escalating rapidly,pointing to Arbor Networks figures showing DDoS attacks are up by 82per cent since June 2011.  

Share on LinkedIn Share with Google+