Security vendor exposes vulnerabilities in DDoS rootkit

Info designed to help enterprises mitigate attacks, Prolexic says

In what it says is an attempt to turn the tables on malicious hackers, security vendor Prolexic on Tuesday released details of vulnerabilities it has discovered in a toolkit family used by hackers to launch distributed denial of service attacks against corporate networks.

The disclosure is designed to give IT security staff information they can use to mitigate attacks launched using the DDoS toolkit, according to Prolexic.

The company's vulnerability report specifically details flaws in the command & control component of the Dirt Jumper DDoS toolkit that has been associated with DDoS attacks recently. The flaws allow "counter-attackers to obtain access to the Command and Control (C&C) database backend, and potentially server-side files," the company noted in a statement.

Such counterattacks can result in a total compromise of the toolkit's attack capabilities, Prolexic said.

"With this information, it is possible to access the C&C server and stop the attack," Prolexic CEO Scott Hammack said in statement. "Part of our mission is to clean up the Internet. It is our duty to share this vulnerability with the security community at large."

While such vulnerability disclosures involving malware products are likely to be welcomed by many in the security community, the legality of enterprises using the information to actually launch a counter attack against hackers remains an open question.

In 2004, when a security researcher at Sandia National Laboratories used reverse engineering techniques to trace attacks against the lab to a Chinese hacking group called Titan Rain, he was suspended and eventually fired. The researcher later sued the laboratory for unfair termination and was awarded $4.3 million in damages by a New Mexico jury. The case was later settled for an undisclosed sum.

Attitudes appear to have changed quite a bit since then though.

Earlier this week, for example, the Washington Post reported that the Pentagon is said to be considering allowing its Cyber Command specialists to take whatever defensive actions may be necessary to protect U.S. cyber assets even if it means combating attackers on private networks and in foreign countries.

The plan apparently is to introduce new rules that would permit U.S. military cyber specialists to take action outside U.S. military networks under some pretty narrow circumstances involving threats that could result in "deaths, severe injury or damage to national security", the Post reported.

The proposed rules, if adopted, would represent a marked change from present policies that allow the military to take defensive actions only on its own networks.

With traditional network defenses and security products increasingly unable to stop targeted cyber threats, even many enterprise security executives have begun looking at more military-style approaches for protecting their networks.

In a recent survey of 100 security executives from companies having revenues of $100 million or more, a majority 80% advocated the use of intelligence gathering and situational awareness building as key to defending their networks.

More the half (54%) of the IT security executives surveyed believed their companies would be well served if they were legally allowed to strike back either defensively or pre-emptively at those seeking to attack their network infrastructures, according to the survey which was commissioned by security vendor CounterTack.

Another 27% said they wouldn't mind launching an offensive against an attacker if such a move would help law enforcement.

A growing number of organizations have begun breaking back into servers and networks belonging to their attackers to see what data might have been stolen from them, or to disrupt the attackers command and control capabilities, said Richard Stiennon, a principal at IT-Harvest who contributed to the report.

"All of a sudden it has become a bit of the Wild West out there," said Stiennon.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place