Attacking a website for just a few dollars

Researchers have discovered a new DDoS-for-hire service built from leaked code

Specialists in digital forensics and cybersecurity from the International Institute of Cyber Security report the emergence of a new service, called “0x-booter”, that any user can hire to launch distributed denial-of-service (DDoS) attacks. It was created from leaked code and offers a very easy-to-use interface.

According to the research carried out, 0x-booter was first detected on October 17, 2018; the operators of the tool claim that it has more than 500 Gbps of power and 20k bots at its disposal.

“During a regular monitoring day, the team of digital forensics experts recently discovered a new platform offering the DDoS for hire service called 0x-booter”, reports the security notice.

“Appeared for the first time on October 17, 2018, the 0x-booter platform is available to anyone who registers on the tool’s website. As shown below, this service comes with an explicitly defined user interface that allows practically anyone to learn to use the service”.

This DDoS-for-hire service is powered by the Bushido IoT botnet; researchers believe that the service has less capacity and fewer bots than it claims. In the analyses performed, the 0x-booter service was able to carry out attacks of 424,825 Gbps, using a little more than 16k bots.

Still, the service has the potential to create serious problems for the attacked websites.

This paid service allows users to launch different types of attack, mainly at the transport and application layers.

Prices for the 0x-booter service range from $20 to $150 USD, depending on various parameters, including the number of attacks, the duration of an attack, and the customer service offered by the operators.

Researchers were able to discover the following JSON files, which provided information about this service:

  • php: This file contains a list of all available DDoS attack methods, each with the corresponding number of attacks made
  • php: This file contains a list of dates, each with the corresponding number of attacks made per day across all attack methods

According to the contents of the second file, the service has been used to launch more than 300 DDoS attacks from October 14th to date.

According to experts in digital forensics, the Bushido botnet is operated by a group called ZULLSEC and was first detected by security investigators from the MalwareMustDie organization, which also discovered the Mirai botnet at the time. Bushido is a modified version of Mirai, optimized for launching DDoS attacks and implementing more options.

“After analyzing both the website and the botnet, we found that the codes used have been copied and pasted from an open source, modifying it for malicious actors’ own purposes”, the security report continues. “Even the 0x-Booter website is based on another booter/stresser named Ninjaboot, whose source code leaked into hacking forums last year. Even though the botnet Bushido has its own name, it takes a lot of the Mirai code”.

Experts noted that thanks to this service, any user with a few dollars and almost no knowledge could cause considerable damage.
