The attacks – which took place against the Krebs on Security servers on November 17 and 18 – came after he published his latest revelations on the pharma spamming and scamming wars on the internet.
Krebs says that the attack was caused by incessant, garbage requests from more than 20,000+ PCs around the globe infected with malware that allows criminals to control them remotely for nefarious purposes.
“I shared the log files of the attack with Joe Stewart, director of malware research at Dell SecureWorks. Stewart discovered that the botnet responsible for hitting my site appears to have been created with Ruskill, a commercial crimeware kit that is sold for a few hundred bucks on the hacker underground”, says Krebs in his latest security posting.
The researcher notes that Ruskill – aka Dirt Jumper – does its dirty work by forcing infected systems to rapidly request the targeted site’s homepage.
Stewart told Krebs that he suspects – but cannot prove – that the control center for this botnet is noteye.biz, based on traffic analysis of internet addresses in the logs he sent over.
He added that the same attacker also apparently runs a Dirt Jumper botnet at xzrw1q.com, which is also currently attacking Ukrainian news site genshtab.censor.net.ua, and kidala.info.
“According to my logs this botnet did attack your site back in April, so this is some additional circumstantial evidence that suggests the noteye.biz [control network] may have been involved in the recent attack on your site”, Stewart wrote in his analysis.
Krebs says that he has spoken at more than a dozen events so far this year, and the same question nearly always comes up: Do you ever get threatened or attacked?
“For the most part, the majority of the threats or intimidation attempts have been light-hearted”, he said, adding that some of the attacks have been humorous, with a hack of a news site in June and the planting of a fake story claiming that Krebs and F-Secure researcher Mikko Hypponen had been arrested for selling stolen credit cards.