Chinese 'Spike' DDoS botnet targets Windows, Linux and IoT devices

Number: IRCNE2014092328
Date: 2014/09/30

According to “cnet”, Akamai’s Prolexic division has warned of the growing threat from a Chinese toolkit that has started infecting Linux, Windows and embedded systems in order to launch DDoS attacks peaking at hundreds of gigabits per second.
Dubbed the ‘Spike’ toolkit, the malware started life targeting Linux servers earlier in 2014 but now seems to have been ported to run on Windows (both PCs and servers), consumer and SME routers, and even Internet of Things (IoT) devices such as thermostats.
This means it can also infect Linux-based desktops and embedded devices running on ARM – to demonstrate this, Akamai’s engineers were able to get the bot up and running on the humble Raspberry Pi home computer.
Capable of generating a surge of conventional SYN, UDP and GET traffic as well as DNS floods, the malware had already been responsible for a number of large botnet-driven attacks, including one in Asia that peaked at an alarming 215Gbps across its ‘scrubbing’ centres, according to Akamai.
“This DDoS kit is designed to build botnets from devices and platforms that system administrators may not have thought to be at risk for botnet infection in the past. Enterprises need system hardening to prevent initial infection and DDoS protection to stop DDoS attacks from the Spike bots.”
The good news is that the malware should be easy to spot, assuming people know how to defend against it. On servers, this means ‘hardening’ systems at Layer 3 using Access Control Lists (ACLs), or at Layer 7 using signatures for systems such as Snort or the YARA open-source malware detection tool.