What is DDoS — Distributed Denial of Service attack?
July 31, 2005
The aim of a Distributed Denial of Service (DDoS) attack is to paralyse online systems. Using a ‘trojan,’ the attacker is able to recruit unprotected hosts (often referred to as ‘zombies’) and build a network of compromised machines (a ‘botnet’), which can then be used to flood the victim’s website with requests for information. This continuous and tremendous stream of data requests overwhelms the victim’s site, ensuring it cannot provide any services. The amount of data being sent to the victim will not only overload the victim’s site, but will also overload the ISP’s connections to the victim and the whole data centre.
Hundreds or thousands of infected computers are needed to make a DDoS attack a success, but the process of compromising a host is automated. A large number of computers – usually 100,000 or more – are scanned for vulnerabilities and the process only takes a few seconds per computer, which means an attack can be planned and executed in a matter of a few hours.
Using ‘Trojans’ in DDoS attacks
In the computer world, a Trojan can be used by attackers to turn your PC into their own computing resource, effectively turning it into a zombie machine. Once a PC is under the control of such an illicit program, the Trojan can be accessed by hackers possessing the master, or server, version of the Trojan.
Trojans have the same rights on the system as the logged-in user. In other words, if the user can, the Trojan can. This includes deleting or modifying files, installing other software, uninstalling software, or sending sensitive password and login information to a remote server. Computers affected by Trojans can be used to launch DDoS attacks against targeted Internet sites. By having thousands of computers accessing the same site at the same moment, the site servers can sometimes become overwhelmed and may no longer be able to process requests.
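From the defender's side, the "thousands of computers accessing the same site at the same moment" pattern looks different in server logs from a single noisy client. The following Python example is an addition to this article, not part of the original excerpts; the log format, function names and thresholds are assumptions chosen for illustration, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: "<ISO timestamp> <source IP> <request path>" per line.
def build_sample():
    lines = []
    # Normal traffic: three clients, one request each in the 12:00 minute.
    for i, ip in enumerate(["198.51.100.7", "198.51.100.8", "198.51.100.9"]):
        lines.append(f"2005-07-31T12:00:{i * 10:02d} {ip} /index.html")
    # One noisy client sending 40 requests in the 12:01 minute.
    for s in range(40):
        lines.append(f"2005-07-31T12:01:{s:02d} 203.0.113.5 /index.html")
    # 60 distinct sources, one request each, in the 12:02 minute.
    for n in range(60):
        lines.append(f"2005-07-31T12:02:{n:02d} 192.0.2.{n + 1} /index.html")
    return lines

def classify_windows(lines, max_requests=30, min_sources=20):
    """Bucket requests per minute and label each bucket.
    Thresholds are illustrative assumptions, not recommended values."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        minute = ts.strftime("%H:%M")
        counts[minute] += 1
        sources[minute].add(parts[1])
    result = {}
    for minute in sorted(counts):
        if counts[minute] <= max_requests:
            result[minute] = "normal"
        elif len(sources[minute]) >= min_sources:
            # Many hosts, few requests each: a per-IP rate limit alone misses this.
            result[minute] = "distributed-flood"
        else:
            # Few hosts, many requests each: a per-IP rate limit catches this.
            result[minute] = "single-source-flood"
    return result

if __name__ == "__main__":
    for minute, label in classify_windows(build_sample()).items():
        print(minute, label)
```

In the 12:02 window every source sends only one request, which is why the number of distinct sources, not the per-client request rate, is the signal that separates a distributed flood from one misbehaving client.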
Of ‘Trojans’ and ‘zombies’
Just how do Trojans get on the system? Many are sent via email attachment, masquerading as a legitimate piece of software. When the user executes the attachment, the Trojan installs itself on their system. In most cases, there is no indication this has occurred, and the user innocently plays the game before sending it on to the next victim.
While email attachments may be the most common, there are dozens of other ruses used. Once the Trojan is installed, the system is referred to as a zombie, as it is now under the control of the attacker. Collectively, the zombied systems are referred to as a botnet. These botnets are then used for a variety of criminal purposes, all of which pose serious risk to the infected user as well as the entire Internet community.
While broadband users are the favorite targets, even dial-up users can be unwitting participants. Various studies have demonstrated that any vulnerable system can be compromised within as little as 5 minutes online.
Protecting against Trojans
PREVENTION is the key. Don’t open unanticipated file attachments from unknown sources. If you know the source, double check with them and make sure they intended to send it. Ask them exactly what it is and why you need it. If it is a game or frivolous application, delete it. Save any attachment you have a need to open and scan it with an up-to-date antivirus scanner before you launch it.
FIREWALL your system. Antivirus software is a must, but it is simply not enough. Whether you connect via dial-up, cable, satellite or DSL, and regardless of your ISP, get and use a personal firewall.
(For information on where to download effective and free Firewalls and to discuss other internet security issues, check out the Technology and Internet Security folder in the PMT Forum.)
- Excerpts from InfoSecurity-Magazine.com and About.com