
Dirtjumper

Posted: September 25, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 64
First Seen: September 25, 2012
OS(es) Affected: Windows

Dirtjumper, also identified as RussKill, is a toolkit used to build malicious software and is widely available to any criminal with a spare two hundred dollars. The Trojans produced with a Dirtjumper toolkit are typically used to build botnets of infected PCs that launch Distributed Denial-of-Service (DDoS) attacks against specific websites; the most recent attacks have targeted banking institutions. SpywareRemove.com malware analysts particularly recommend that bank employees keep online security in mind, since the latest Dirtjumper attacks have been used as cover for other attacks that compromise bank employee information and make fraudulent transactions. However, since Dirtjumper is a for-hire product, any PC is in theoretical danger of being infected by a Dirtjumper Trojan, which consumes the PC's resources without displaying any symptoms of its presence.

Dirtjumper and Why a Website Blacking Out is Everybody's Problem

Dirtjumper (or) is built on an older PC threat than itself, RussKill, and has seen numerous revisions and updates throughout its 2011-2012 lifespan, including a new variant, the Pandora bot. While Dirtjumper's development can be considered ongoing, Dirtjumper has always been used to build botnet Trojans that launch DDoS attacks. These attacks flood designated websites with illegitimate traffic and disable them temporarily, while the infected PCs may suffer from poor performance because of the intense resource usage these concealed traffic floods require.

Dirtjumper's history includes several notable attributes: its poor coding, which has led to counterattacks and significant knowledge acquisition by relevant PC security companies, and its tendency to target both anti-malware websites and financial institutions in its DDoS assaults. In the case of bank websites, the most recent Dirtjumper DDoS efforts have been found to be part of a two-pronged attack, as SpywareRemove.com malware researchers have noted below:

  • Initially, a bank employee's PC is compromised and infected with spyware. This spyware collects passwords and other information that could be used to access the bank's database.
  • Once the information has been stolen, criminals launch a separate attack on the bank's website. This attack uses a botnet of other infected computers to bring down the site in a Dirtjumper-assisted DDoS attack. Typically, such website blackouts only prevail for a very short time.
  • While bank employees are attempting to deal with the DDoS attack, the stolen information is used in a series of fraudulent transactions that pad the pockets of the Dirtjumper-using criminals.
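The two-pronged pattern above suggests a simple defensive correlation for a bank's fraud team: transactions that go through while the public site is under a traffic flood are held for review instead of being lost in the noise of the outage. The following is an added example, not code from this page or from any product; the request-rate samples, the transaction log and the ten-times-median flood threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed one-per-minute samples from the bank's web front end:
# (timestamp, HTTP requests per second). Not taken from the original page.
WEB_RATE_SAMPLES = [
    ("2012-09-25T10:00:00", 120),
    ("2012-09-25T10:01:00", 130),
    ("2012-09-25T10:02:00", 9800),   # flood begins
    ("2012-09-25T10:03:00", 11200),
    ("2012-09-25T10:04:00", 140),    # flood over
]

# Constructed core-banking log: (timestamp, account, amount, new payee?)
TRANSACTIONS = [
    ("2012-09-25T10:00:30", "acct-1001", 250.0, False),
    ("2012-09-25T10:02:15", "acct-2042", 9800.0, True),
    ("2012-09-25T10:03:40", "acct-2042", 9700.0, True),
    ("2012-09-25T10:06:00", "acct-3003", 40.0, False),
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")

def flood_windows(samples, factor=10.0, interval=timedelta(minutes=1)):
    """Spans [(start, end)] where the rate exceeds factor x the median rate."""
    # Median as baseline: the flood samples themselves cannot inflate it.
    rates = sorted(rate for _, rate in samples)
    threshold = factor * rates[len(rates) // 2]
    windows, current = [], None
    for ts_text, rate in samples:
        ts = parse_ts(ts_text)
        if rate > threshold:
            current = (current[0] if current else ts, ts + interval)
        elif current:
            windows.append(current)
            current = None
    if current:
        windows.append(current)
    return windows

def flag_transactions(transactions, windows, grace_seconds=0):
    """Transactions committed inside a flood window (plus optional grace)."""
    grace = timedelta(seconds=grace_seconds)
    flagged = []
    for tx in transactions:
        ts = parse_ts(tx[0])
        if any(start <= ts <= end + grace for start, end in windows):
            flagged.append(tx)
    return flagged
```

A grace period after the flood covers the time staff are still busy with recovery, which is when the page says the fraudulent transfers are made.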

How to Join Efforts in Bringing Dirtjumper to an End

Of course, SpywareRemove.com malware analysts can't recommend strongly enough that bank employees avoid clicking suspicious links, downloading unusual files or visiting untrustworthy sites on their work computers. However, regular PC users also need to take appropriate precautions to prevent their own systems from being recruited into a Dirtjumper botnet. Since Dirtjumper Trojans don't display obvious symptoms, anti-malware products should be relied upon to detect and delete Dirtjumper-based PC threats.

Aliases that Dirtjumper can be detected by include W32/SKILL.ASK!TR.BDR, BACKDOOR.WIN32.SKILL.DM, Trojan.AGENT.ARZW and TR/AGENT.ARZW.
