DDoS attackers turning to simple 'booter' scripts, Prolexic warns

01.05.2012
Internet criminals are sidestepping the need to launch DDoS attacks from large networks of malware-compromised bot PCs by using simpler server 'booter shells', mitigation firm Prolexic has warned.

'Booter shells' or plain 'booters' are simple PHP, .ASP or Perl script template files planted on compromised servers to direct GET/POST commanded HTTP floods to overload target servers.

As Prolexic explains in its advisory, the approach has several advantages over conventional botnet DDoS attacks, starting with technical simplicity. Even non-technical users can place them on hosted or compromised servers, building a bot from individual servers with up to 1,000 times the capacity of a single PC.

It is also cheaper and quicker; there is no need to use complex malware and bot command and control infrastructure to create armies of zombies.

Many scripts are now available on the hacking underground and even Pastebin at no cost, including several leading contenders - Greenshell, nBot and DeLiRiUm's DoS .ASP script - deconstructed in some detail by Prolexic.

"Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks," said Prolexic COO, Neal Quinn.

"For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We've entered the age of DDoS-as-a-Service," he said.

The company had even encountered one interface, Sexy Booter, that turns the shell boot loader concept into an automated service, said Quinn.

"Businesses have to be prepared for DDoS attacks of a nature they may never have seen before."

Prolexic (which of course sells its own anti-DDoS services) has released an advisory analysis for its customers and anyone interested in the booter phenomenon on its website (registration required).

The company recently cautioned on the sudden rise in DDoS attacks directed against the financial services sector.