Arbor Networks researchers have analyzed the malware

Aug 27, 2013 14:17 GMT  ·  By

Arbor Networks researchers have come across another DirtJumper sample. The new version comes with some interesting features, including one that’s designed to bypass some known DDOS attack mitigation mechanisms.

Experts say this DDOS malware is the first to attempt to detect and bypass mitigation systems.

The malware can be used for 4 new attacks: -icmp, -byte, -long, and -smart. The -smart attack is the one that incorporates the DDOS mitigation bypass techniques.

“The attack sends an initial attack packet and then looks for either a Set-Cookie or a Location header and will parse out either the Cookie value or new URL location using those values in the next packet it sends,” Arbor researchers noted.

“It will also look for a meta equiv refresh tag, location= or document.location.href inside of the response from the server in an attempt to defeat mitigations using those countermeasures as well,” they added.
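A defender-side check for the behaviour quoted above, as an added example that is not code from Arbor Networks or the original article: it reports which of the challenge carriers named in the quotes appear in a response from your own mitigation layer, meaning the challenge can be read with plain string parsing. The function names, the regexes and the sample responses are assumptions constructed for illustration.

```python
import re

# Header names the quoted analysis says the -smart attack looks for.
HEADER_CARRIERS = ("set-cookie", "location")
# Body strings from the same quote; the regexes are this example's assumption
# about how each one would appear in a challenge page.
BODY_CARRIERS = {
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "location=": re.compile(r"\blocation\s*=", re.I),
    "document.location.href": re.compile(r"document\.location\.href", re.I),
}

def static_challenge_carriers(raw_response):
    """Return which of the listed carriers appear in one raw HTTP response."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    # Skip the status line and keep lower-cased header names only.
    names = {line.split(":", 1)[0].strip().lower()
             for line in head.split("\n")[1:] if ":" in line}
    found = [h for h in HEADER_CARRIERS if h in names]
    found += [label for label, rx in BODY_CARRIERS.items() if rx.search(body)]
    return found

HTML_OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "cookie+redirect": "HTTP/1.1 302 Found\r\nSet-Cookie: chk=EXAMPLE\r\n"
                       "Location: /?chk=EXAMPLE\r\n\r\n",
    "meta refresh": HTML_OK
        + '<meta http-equiv="refresh" content="0; url=/?chk=EXAMPLE">',
    "js href": HTML_OK
        + '<script>document.location.href="/?chk=EXAMPLE";</script>',
    "js assign": HTML_OK + '<script>window.location="/?chk=EXAMPLE";</script>',
    # Token computed in script; none of the listed strings is present.
    "computed": HTML_OK
        + "<script>var t=6*7;document.cookie='chk='+t;history.go(0);</script>",
}

def audit(samples=SAMPLES):
    """Map each sample name to the listed carriers found in it."""
    return {name: static_challenge_carriers(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, carriers in audit().items():
        print(f"{name:16} -> {carriers or 'none of the listed carriers'}")
```

An empty result only means none of the carriers named in the quotes was found; it makes no claim about other ways a challenge could be answered.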

Experts believe it’s likely that such functionality will be implemented in other pieces of malware in the future.

Additional technical details on this DirtJumper variant are available on Arbor Networks’ blog.