Dirt Jumper, a newer version of the commercial crimeware Russkill kit, has been used to attack numerous websites, particularly in Russia.
Malware related to Dirt Jumper includes Simple, September, Khan, Pandora, and the Di BoTNet, Wilson explained in a blog.
The binaries and back-end PHP scripts for Dirt Jumper have been leaked several times. “This makes it easy for someone to make slight modifications to the PHP or Delphi binary code and attempt to re-sell the bot, use the bot for their own purposes, or start making money with their own commercial DDoS service”, Wilson explained.
“It can be difficult to determine if a site has been attacked by Dirt Jumper or one of its variants, and if so, which one. Therefore we will refer to all of the bots profiled here as well as any future bots as the Dirt Jumper family”, he said.
“Development will continue, and there are increasing trends towards the development of attack techniques that will bypass certain types of anti-DDoS protection measures. The underground economy continues to flourish, and DDoS services are a piece of that rotten pie”, Wilson concluded.