ZeroAccess Botnet may be Used to Initiate Persuasive DDoS Attacks

Posted: March 18, 2016

There have been countless cases of older malware threats being repurposed by resourceful attackers. Hackers seem never to waste any ammunition in their arsenal, however old, when they can stage a new attack wherever and whenever the opportunity arises.

In the latest occurrence of "what's old is new again" in the world of malware, it has been found that the ZeroAccess Trojan may be abused to launch DDoS attacks with an extremely high rate of effectiveness. The independent security researcher known as MalwareTech claims to have discovered methods by which attackers could leverage the botnet capabilities of ZeroAccess to take down targeted sites through an aggressive DDoS attack.

According to MalwareTech's discovery, ZeroAccess is thought to have its infected machines communicate directly with one another, some of them acting much like small servers, or supernodes. Other infected systems serve as endpoints that help relay orders from the Command & Control (C&C) servers using simple UDP (User Datagram Protocol) packets, a minimal, message-oriented transport.

The way ZeroAccess-infected machines exchange notifications with one another is rather clever if you think about it. The threat's complex design lets the botnet append additional information to each packet it transmits, adding details about the network's structure; this is what arms the threat with enough information to wage a destructive DDoS attack.

The supernode information appended to a UDP packet adds several bytes on top of the original packet size. By returning a large amount of data per packet, a DDoS attack using this method would amplify its effectiveness, so much so that it could take down sites that rely on NATs (Network Address Translation). NATs are software components that translate public IP addresses to private ones to make the most of the IPv4 address space in use, and they are one of several protection methods deployed to shield servers and sites from common DDoS attacks.

As it turns out, the ZeroAccess botnet in its most recent form is claimed to be so aggressive in its DDoS attacks, which carry an amplification factor of 26.5 (double the typical factor of common DDoS attacks), that it effectively ignores most protections put in place to thwart them.
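The amplification factor the article cites is simply the number of bytes a reflector sends back per byte of request it receives, and the same ratio is what a defender watches for in flow records. The following is an added example, not code from the article or from MalwareTech's analysis: it groups constructed UDP flow records by requester/responder pair, computes the aggregate response-to-request byte ratio, and flags pairs above a threshold. The flow-record field names (proto, src, dst, req_bytes, resp_bytes) are an assumed simplified schema, and all addresses and sizes are made up; one pair is built to show the 26.5 factor mentioned above.

```python
"""Flag UDP request/response pairs whose byte ratio indicates amplification.

Added example for the article above. The flow records below are constructed,
and the field names are an assumed simplified flow-log format, not any
particular collector's schema.
"""
from collections import defaultdict

# Constructed flow records: one row per request packet and the reply it drew.
# 'src' is the host that sent the request, 'dst' the host that answered.
SAMPLE_FLOWS = [
    # Ordinary request/response traffic: replies only slightly larger than requests.
    {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.5", "req_bytes": 64, "resp_bytes": 96},
    {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.5", "req_bytes": 64, "resp_bytes": 112},
    # Small requests drawing replies about 26 times larger: the pattern the article describes.
    {"proto": "udp", "src": "203.0.113.7", "dst": "198.51.100.9", "req_bytes": 40, "resp_bytes": 1060},
    {"proto": "udp", "src": "203.0.113.7", "dst": "198.51.100.9", "req_bytes": 40, "resp_bytes": 1060},
    {"proto": "udp", "src": "203.0.113.7", "dst": "198.51.100.9", "req_bytes": 40, "resp_bytes": 1060},
    # TCP rows are skipped: the reflection concern here is connectionless UDP.
    {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.9", "req_bytes": 40, "resp_bytes": 5000},
]


def amplification_factor(req_bytes: int, resp_bytes: int) -> float:
    """Bandwidth amplification factor: bytes returned per byte of request sent."""
    if req_bytes <= 0:
        raise ValueError("request size must be positive")
    return resp_bytes / req_bytes


def find_amplifiers(flows, threshold: float = 10.0):
    """Return {(src, dst): factor} for UDP pairs whose aggregate factor is >= threshold.

    Aggregating per pair rather than per packet smooths out single odd replies
    and matches how flow exporters usually summarise traffic.
    """
    totals = defaultdict(lambda: [0, 0])  # key -> [request bytes, response bytes]
    for flow in flows:
        if flow["proto"] != "udp":
            continue
        key = (flow["src"], flow["dst"])
        totals[key][0] += flow["req_bytes"]
        totals[key][1] += flow["resp_bytes"]

    suspicious = {}
    for key, (req, resp) in totals.items():
        factor = amplification_factor(req, resp)
        if factor >= threshold:
            suspicious[key] = round(factor, 1)
    return suspicious


if __name__ == "__main__":
    for (src, dst), factor in find_amplifiers(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: amplification factor {factor}")
```

With the default threshold of 10 only the second pair is reported, at a factor of 26.5; the ordinary traffic at roughly 1.6 passes silently. In practice the threshold is tuned per service, since legitimate protocols such as DNS also answer with more bytes than they receive.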

MalwareTech has probably uncovered one of the most aggressive forms of DDoS attack in the latest ZeroAccess variant, though it has yet to be confirmed as a legitimate case of what an attacker armed with ZeroAccess would do. Until a proof of concept demonstrates ZeroAccess carrying out a nearly guaranteed successful DDoS attack, MalwareTech's findings remain theoretical, even if the computer security community regards them as plausible.