
DDoS Attack Threats | Storm Network Stress Tester | Akamai Presentation


The Storm Network Stress Tester DDoS crimeware toolkit targets Windows XP (or higher) operating systems, infecting computers with malicious software that turns them into attacker-controlled, obedient zombies. Once infected, malicious actors can manipulate the computers they control remotely, allowing an almost unlimited variety of abuse. Find out more about this DDoS threat in the full Prolexic Storm Network Stress Tester Threat Advisory,


  1. Storm Network Stress Tester: Security Threat Highlights from a Prolexic DDoS Threat Advisory

  2. ©2014 AKAMAI | FASTER FORWARD™
     What is Storm Network Stress Tester
     • Storm is an Asian crimeware kit designed for the creation of botnets for DDoS attacks
     • Malicious actors use Storm to generate an executable payload; users on other computers are then tricked into downloading and running the executable
     • Once executed on a Windows XP (or higher) machine, Storm establishes remote administration (RAT) capabilities
     • Attackers can then command infected computers to execute a DDoS attack against a target

  3. Remote Administration (RAT)
     • Once installed, Storm exposes RAT capabilities
     • Attackers can:
       • Perform directory traversal
       • Upload and download files
       • Remotely execute commands
       • Activate DDoS attack capabilities
     • These versatile capabilities allow for almost any form of cybercrime, including the extraction of sensitive personal data and the infection of other machines

  4. DDoS Capabilities
     • Storm supports up to four simultaneous DDoS attack types
     • UDP, TCP, and ICMP attacks are all supported
     • A single infected machine, using only a single attack type, was able to generate up to 12 Mbps of DDoS traffic
     • Potential for massive attacks by exploiting a large number of infected hosts

  5. Infection Targets
     • Storm targets Microsoft Windows operating systems (XP and later)
     • Execution of Storm payloads on Vista and later operating systems requires disabling User Access Control (UAC); XP lacks this feature
     • However, sophisticated attackers have bypassed this limitation to increase the rate of infection
     • Storm infection is still a threat to later operating systems
     • Infection rates are likely to be much higher on XP

  6. The Chinese Connection
     • The program contains multiple references to China in the code and filenames, e.g. “Windows China Driver”
     • Windows XP is the dominant operating system in China: 60% of desktop computers use XP
     • Storm appears to be designed to infect victims running XP operating systems in China
     • This massive demographic of potential zombies means a serious potential for massive, orchestrated DDoS attacks against targets worldwide

  7. Command Structure
     • Storm follows a client-server architecture
     • Payloads are sent out from a command-and-control (C2) server
     • Infected hosts connect back to the C2 and wait for commands
     • The C2 can then manipulate the zombies through RAT commands and order DDoS attacks

  8. If you are a target of a Storm attack
     • Attackers can easily use tools like Storm to set up and control botnets for DDoS attacks
     • The Storm Network Stress Tester Threat Advisory by the Prolexic Security Engineering and Research Team (PLXsert) explains how to mitigate Storm DDoS attacks:
       • Attack signatures against Storm TCP, UDP, and ICMP attacks
       • Identifying strings in the binary and process names
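The two mitigation angles the slide lists (protocol-level attack signatures, and indicator strings in the binary and process names) can be prototyped as simple defensive checks. The block below is an added example written for this page; it is not code from the Prolexic/Akamai advisory. It assumes hypothetical placeholder values for the indicator list, the suspect process name and the per-source rate threshold, since the advisory's actual signatures are not reproduced on the slides; only the "Windows China Driver" string comes from the presentation. The binary blob, process list and one-second flow summaries are constructed sample data. It also generalises slightly beyond the slide by reporting rate per (source, protocol) pair, which is what lets a defender see a host running several of Storm's flood types at once.

```python
import re
from collections import defaultdict

# Indicator strings to look for in a suspect binary. "Windows China Driver" is the
# string the presentation cites; the second entry is a hypothetical placeholder
# standing in for the advisory's full list, which is not reproduced on the slides.
INDICATOR_STRINGS = (
    "Windows China Driver",
    "STORM_PLACEHOLDER_INDICATOR",
)
# Hypothetical process-name indicator (placeholder; the advisory's real names are
# not on the slides). Compared case-insensitively.
SUSPECT_PROCESS_NAMES = {"storm_placeholder.exe"}
# Flood protocols the slides attribute to Storm.
STORM_FLOOD_PROTOCOLS = {"UDP", "TCP", "ICMP"}


def extract_strings(blob: bytes, min_len: int = 6) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def find_indicators(blob: bytes) -> list[str]:
    """Indicator strings present among the binary's printable strings, in list order."""
    strings = extract_strings(blob)
    return [ind for ind in INDICATOR_STRINGS if any(ind in s for s in strings)]


def suspicious_processes(process_names) -> list[str]:
    """Process names (as given) whose lower-cased form is on the suspect list."""
    return sorted(n for n in process_names if n.lower() in SUSPECT_PROCESS_NAMES)


def mbps_by_source_and_proto(flows, window_s: float = 1.0) -> dict:
    """Aggregate (src_ip, proto) -> megabits per second over one window.

    flows: iterable of (src_ip, dst_ip, proto, byte_count) tuples for the window.
    """
    totals = defaultdict(int)
    for src, _dst, proto, nbytes in flows:
        totals[(src, proto)] += nbytes
    return {key: total * 8 / window_s / 1_000_000 for key, total in totals.items()}


def flag_flood_sources(flows, threshold_mbps: float = 10.0, window_s: float = 1.0):
    """(src_ip, proto, mbps) for sources above threshold on a Storm flood protocol.

    The threshold is an assumption for this example; a deployment would derive it
    from baseline traffic for the protected service.
    """
    rates = mbps_by_source_and_proto(flows, window_s)
    return sorted(
        (src, proto, round(rate, 1))
        for (src, proto), rate in rates.items()
        if proto in STORM_FLOOD_PROTOCOLS and rate > threshold_mbps
    )


# Constructed sample data (not real captures).
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Windows China Driver\x00"
    + b"kernel32.dll\x00"
    + b"\xff" * 8
)
SAMPLE_PROCESSES = ["explorer.exe", "svchost.exe", "Storm_Placeholder.EXE"]
SAMPLE_FLOWS = [  # one-second summaries: (src_ip, dst_ip, proto, bytes)
    ("198.51.100.7", "203.0.113.10", "UDP", 1_600_000),   # 12.8 Mbps of UDP
    ("198.51.100.7", "203.0.113.10", "ICMP", 900_000),    # 7.2 Mbps of ICMP, same host
    ("198.51.100.8", "203.0.113.10", "TCP", 100_000),     # 0.8 Mbps, ordinary
    ("192.0.2.5", "203.0.113.10", "UDP", 40_000),         # 0.3 Mbps, ordinary
]

if __name__ == "__main__":
    print("binary indicators:", find_indicators(SAMPLE_BINARY))
    print("suspect processes:", suspicious_processes(SAMPLE_PROCESSES))
    print("flood sources:", flag_flood_sources(SAMPLE_FLOWS))
```

With the sample data, the string scan reports only the cited indicator, the process check matches the placeholder name regardless of case, and the rate check flags the UDP flood from 198.51.100.7 at the default threshold; lowering the threshold also surfaces that host's simultaneous ICMP flood, which is the "up to four simultaneous attack types" behaviour the earlier slide describes.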
  9. Threat Advisory: Storm DDoS toolkit
     • Download the threat advisory, Storm Network Stress Tester, at
     • This DDoS threat advisory includes:
       • Indicators of infection by the Storm kit
       • Architecture of the crimeware kit
       • Dropper payload generation and infection
       • Fortification methods
       • Command structure
       • DDoS attack types, payloads and attack signatures

  10. About Prolexic (now part of Akamai)
     • We have successfully stopped DDoS attacks for more than a decade
     • Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers