Last year, a series of DDoS attacks of record intensity made headlines in the world media. The most widely covered was the scandal around the takedown of KrebsOnSecurity, the site of network security expert Brian Krebs, who a few days before the attack had exposed Israeli hackers and scammers; attacks were also recorded against a French website.
DDoS (Distributed Denial of Service) is a zombie attack, only in digital form: the largest ones are carried out with the participation of millions of devices that the attackers control by means of viruses. At the appointed hour, the hackers give the botnet (that is, all the subordinate devices) the command to start bombarding the target with requests; the bandwidth of the target's connection and its computing resources are not enough to handle them all. As a result, users cannot reach the page they want, and traffic plummets. If the site under attack provides services, it loses the ability to serve customers, which is why DDoS is so often used for extortion or to intimidate competitors.
Zombie computers are not always computers in the everyday sense of the word. The attacks on KrebsOnSecurity, for example, were carried out with the help of a huge number of devices connected to the Internet: printers, "smart" coffee machines, but mainly surveillance cameras and DVRs, whose users rarely think about security.
In late August, it was reported that hackers had found a new, almost inexhaustible resource: tablets and smartphones running Android. The huge WireX botnet discussed in the reports was created with the help of nearly 300 apps available in the Google Play Market. By downloading such an app, the user makes their smartphone or tablet part of a global network that is ready to attack a victim at any time.
At the peak of its power, WireX consisted of 120,000 devices from a hundred countries. They created garbage traffic by sending endless HTTP requests to the victim, in effect asking the target to state its "name." Imagine 120,000 police officers asking you to introduce yourself and produce your documents; the server of a site at which the hackers have sent their army of Androids feels about the same. The botnet sent requests at a rate of 20 thousand per second. That is actually not a very big load, even for a low-capacity channel, but the hackers aimed their blow skillfully: if all these requests are brought down on a site's search page, the processing power of the entire site can be exhausted.
When WireX was found and defused, it was still small; had that happened later, information security experts would have had to deal with a much more powerful network, says Justin Paine, a specialist at Cloudflare, one of the seven companies that took part in neutralizing the botnet. Akamai, Flashpoint, Google, Dyn, RiskIQ and Team Cymru also took part in taking the botnet down.
The attacks, according to experts, began on 2 August. It was quickly discovered that all the senders of the requests carried a signature of 26 Latin letters in random order. That was a clue: the signature pointed to devices running Android. The first malicious application that researchers were able to identify was twdlphqg_v1.3.5_apkpure.com.apk; then came three hundred others (their names have not been disclosed). Google removed them from the Play Market and from infected devices.
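The signature described above can be turned into a simple access-log filter. This is an added example, not code from the article or from the companies it names; it assumes the 26-letter signature arrives in the User-Agent field of a combined-format access log (the article does not name the field), and the log lines and function names are constructed for illustration.

```python
import re
import string
from collections import Counter

ALPHABET = frozenset(string.ascii_lowercase)

# Combined Log Format:
# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def is_alphabet_permutation(value):
    """True when value is the 26 Latin letters, each used exactly once.
    The article does not state the letter case, so case is ignored (assumption)."""
    return len(value) == 26 and set(value.lower()) == ALPHABET

def scan(lines):
    """Count flagged requests per source address and per path (query string dropped)."""
    sources, paths = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_alphabet_permutation(m["ua"]):
            continue  # unparsable line or ordinary client
        sources[m["ip"]] += 1
        paths[m["path"].split("?", 1)[0]] += 1
    return sources, paths

# Constructed sample lines (documentation address ranges, made-up values).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 512 "-" "zyxwvutsrqponmlkjihgfedcba"',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=b HTTP/1.1" 200 512 "-" "qwertyuiopasdfghjklzxcvbnm"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=c HTTP/1.1" 200 512 "-" "qwertyuiopasdfghjklzxcvbnm"',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=shoes HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Linux; Android 7.0)"',
    # 26 letters but "a" repeats and "b" is missing: not a permutation
    '192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "aacdefghijklmnopqrstuvwxyz"',
]

if __name__ == "__main__":
    sources, paths = scan(SAMPLE_LOG)
    print("flagged sources:", dict(sources))
    print("targeted paths:", dict(paths))
```

Grouping the flagged requests by path shows whether they concentrate on an expensive endpoint such as the search page, which is the pattern the article describes.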
Most often, malicious applications pretend to be something useful: a file manager, a media player, ringtones. Even when the app is not active, the part responsible for the botnet keeps working. Almost all antivirus products for Android detect such apps as viruses, block them and notify the user.