Asia is a top source of new DDoS threats

09 Sep 2014

Asia now appears to be a significant source of DDoS development, according to an Akamai Technologies threat advisory, which warns of a high-risk threat of IptabLes and IptabLex infections on Linux systems.

Command and control centers are currently located in Asia and the botnet has been used mainly to attack gaming and gambling verticals. The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities.

Infected systems were initially known to be contained in Asia.

However, an increasing number of infections have been spreading and were recently observed on servers hosted in the US and other regions.

In the threat advisory, the Prolexic Security Engineering & Research Team (PLXsert) provides bash commands to clean an infected system and shares a YARA rule to identify the ELF IptabLes payload used in an observed attack campaign. PLXsert anticipates further infestation and expansion of this DDoS botnet and has released the threat advisory to help prevent its spread.

Malicious actors behind this botnet have produced significant DDoS attack campaigns, forcing target companies to seek expert DDoS protection. This bot seems to be in an early development stage and shows several signs of instability. More refined and stable versions could emerge in future attack campaigns.

PLXsert anticipates further infestation and the expansion of this botnet. Future DDoS attack campaigns may target other industry verticals and involve other regions. Further development will likely be driven by opportunities for monetization or takeover of the botnet by different groups in the DDoS-for-hire market.
