Imperva CTO explains how servers are being infected by hackers in new denial-of-service attacks

14 May 2010

As reported on Wednesday, Imperva claims to have uncovered a new generation of Denial-of-Service (DoS) attacks that appears to be more powerful, more efficient and less detectable than traditional methods. Infosecurity had a chance to chat with the firm’s CTO, Amichai Schulman, on how this new hacker attack methodology actually operates.

According to the data security specialist’s CTO, the arrival of this more advanced type of DoS attack shows that hackers are constantly developing and using more advanced methodologies.

Unlike traditional DoS methods, which rely on bot-infected PCs, this one turns the web servers themselves into payload-generating bots, he told Infosecurity.

Rather than use the server as a means of distributing a DoS attack using a swarm of infected remote bots, he explained, the hackers are infecting the servers themselves with a malicious DoS application.

Then, through the use of a simple software programme with a dashboard and control panel, the hackers configure the IP, port and duration of an attack.

Put simply, Imperva says they insert the URL they wish to attack, click and then start hacking.

Schulman said that his research team was able to acquire the source code of this application and has worked out how the hacker code operates.

"When we looked at it, it was a lot simpler than we expected. You're talking maybe 40 lines of code for the infection and then another 40 lines of code for the hacker user interface", he said.

"Compromising servers [in this way] actually makes a lot of sense - it's 50 to 100 times more effective from a hacker perspective", he added.

The problem from the company perspective, says Schulman, is that while corporates are obviously monitoring their incoming traffic, malware inserted onto a server generates malicious outgoing traffic, which companies often miss.

"The problem is compounded by the fact that many companies do not deploy anti-virus software on their web servers, but on their other computers. Added to which it's not that difficult to hide a server infection", he said.

"It can therefore make a lot of sense to monitor web servers more closely. It is a solvable problem as it requires new security tactics and new security methodologies", he added.
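The gap Schulman describes is one of direction: inbound traffic to the web tier is watched, but a compromised server opening its own outbound connections is not. The following script, added here as an illustration and not code from Imperva or from the article, shows one way to monitor web-server egress. It works over a constructed sample of server-initiated connection events (hypothetical addresses, as a host firewall or flow exporter might log them) and applies two defender-side checks: a rate check that flags a server opening an unusual number of connections to one destination inside a short window, and an allow-list check that flags any destination a web server is not expected to talk to at all, which also catches a low-rate tool that would stay under the rate threshold. Names such as `find_outbound_floods`, `unexpected_destinations`, `WEB_SERVERS` and `ALLOWED_EGRESS` are this example's own.

```python
from collections import Counter

# Constructed sample of server-initiated ("NEW") outbound connection events.
# Fields: (timestamp_seconds, src_ip, dst_ip, dst_port). Hypothetical values.
def _build_sample():
    events = []
    # Legitimate: web server 10.0.0.5 opening occasional DB and DNS connections
    for t in range(0, 600, 30):
        events.append((t, "10.0.0.5", "10.0.0.20", 3306))
        events.append((t + 5, "10.0.0.5", "10.0.0.53", 53))
    # Suspicious: web server 10.0.0.6 opening hundreds of connections to a
    # single external host:port within one minute, i.e. the outbound side of a
    # flood that inbound-only monitoring never sees
    for i in range(800):
        events.append((120 + i // 20, "10.0.0.6", "203.0.113.9", 80))
    return events

SAMPLE_EVENTS = _build_sample()

# Hosts that belong to the web tier (constructed).
WEB_SERVERS = {"10.0.0.5", "10.0.0.6"}

# Destinations a web server is expected to initiate connections to:
# (dst_ip, dst_port). Anything else is worth a look (constructed allow-list).
ALLOWED_EGRESS = {("10.0.0.20", 3306), ("10.0.0.53", 53)}


def find_outbound_floods(events, web_servers, window=60, threshold=200):
    """Rate check: count server-initiated connections per (src, dst, port)
    in fixed windows of `window` seconds and report any bucket whose count
    reaches `threshold`. Returns {(src, dst, port): max_count_in_a_window}."""
    counts = Counter()
    for ts, src, dst, dport in events:
        if src not in web_servers:
            continue  # only egress from the web tier is of interest here
        counts[(src, dst, dport, ts // window)] += 1
    alerts = {}
    for (src, dst, dport, _bucket), n in counts.items():
        if n >= threshold:
            key = (src, dst, dport)
            alerts[key] = max(alerts.get(key, 0), n)
    return alerts


def unexpected_destinations(events, web_servers, allowed):
    """Allow-list check: report every (src, dst, port) where a web server
    initiated a connection to a destination not on the allow-list. This
    fires even for a single connection, so a slow or well-hidden tool that
    never trips the rate threshold still surfaces."""
    seen = set()
    for _ts, src, dst, dport in events:
        if src in web_servers and (dst, dport) not in allowed:
            seen.add((src, dst, dport))
    return seen


if __name__ == "__main__":
    for key, n in find_outbound_floods(SAMPLE_EVENTS, WEB_SERVERS).items():
        print("rate alert: %s -> %s:%d, %d new connections in one window" % (key[0], key[1], key[2], n))
    for src, dst, dport in unexpected_destinations(SAMPLE_EVENTS, WEB_SERVERS, ALLOWED_EGRESS):
        print("allow-list alert: %s -> %s:%d is not an expected egress destination" % (src, dst, dport))
```

The two checks are complementary: the rate check needs no prior knowledge of the environment but only catches a noisy flood, while the allow-list check needs an inventory of what each web server legitimately talks to (databases, resolvers, upstream APIs) and in return catches anything that deviates from it. In practice both would run over real flow or firewall logs rather than the constructed sample, and the threshold would be tuned from a baseline of the server's normal outbound behaviour.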
