The idea of controlling multiple, high-bandwidth servers for launching DDoS attacks (versus controlling hundreds of thousands of less powerful malware-infected hosts) has always tempted cybercriminals. A recent high-profile example of this futuristic attack vector is Qassam Cyber Fighters, and their attacks against major U.S. financial institutions. A command and control PHP script in its early stages of development—one capable of integrating multiple (compromised) servers for the purpose of launching distributed denial of service attacks (DDoS) while taking advantage of their bandwidth—has been available for purchase for $800. http://alrt.co/1gEkdAS
Takeaway: Techniques using such attacks cannot be easily thwarted; an enterprise must not only deploy multilayered security, but also have robust support from their ISP for fast notification to the ISP with infected DNS servers. Currently, the PHP script supports four types of DDoS attack tactics, namely DNS amplification, spoofed SYN, spoofed UDP, and HTTP+proxy support. The script also acts as a centralized command and control management interface for all the servers where it has been (secretly) installed.