New DoS Tool Hits Cyber Street

Wednesday, August 3, 2011 @ 11:08 AM gHale

Anonymous supporters are building a new denial of service (DoS) tool that can exploit SQL vulnerabilities.

The new tool is called “RefRef” and is written in JavaScript, said The Tech Herald, which spoke with its creators. This means that it works in any modern browser on any operating system, including those in smartphones and tablets.

The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on one test platform.

RefRef is effective because it exploits a vulnerability in a widespread SQL service. The flaw is out there, but not widely patched yet.

The tool’s creators don’t expect their attacks to work on a high-profile target more than a couple of times before the target figures it out and blocks them, but they do not think companies will rush to patch the flaw, and that leaves some room for a few attacks.

This means there are a lot of possible targets out there that will suffer a hit at least once.

“This tool only makes you vulnerable if you don’t keep your systems patched, perform the basic security, which is how Sony got caught with its pants down,” RefRef developers said.

The tool works by turning servers against themselves. It sends malformed SQL queries carrying the payload, which in turn forces the servers to exhaust their own resources. However, the tool’s GUI does have a field for inputting the refresh interval, so it might combine traditional forms of HTTP hammering with the new technique.

Anonymous currently uses a tool called Low Orbit Ion Cannon (LOIC) in its DDoS campaigns. Supporters voluntarily run this tool on their own machines, and it can refresh a target page continuously or become part of a botnet, a feature known as the hivemind.

Security experts remain skeptical that the success of Anonymous’s DDoS attacks comes from LOIC alone. They feel some of the group’s supporters also have access to botnets.


