'Kill switch' flaw found in top web weapon, victims sigh with relief
Security researchers have discovered a vulnerability in a top DDoS attack tool that provides a handy means to neutralise onslaughts.
The Dirt Jumper Distributed-Denial-of-Service (DDoS) Toolkit is one of the most popular attack tools available. It was deployed in a digital siege against security news website KrebsonSecurity.com among many, many other victims in recent months. The weapon works by instructing an army of compromised computers to flood a website with traffic until legitimate visitors are unable to connect.
However a flaw in the software, uncovered by security researchers at DDoS mitigation specialists Prolexic, can be exploited to thwart assaults. Armed with the identity of the C&C server or infected host, and open source penetration-testing tools, it is possible to gain access to the database in the system used to control the PC army and, more importantly, the server-side configuration files, Prolexic discovered.