You might not have heard about Dirt Jumper yet, but the bad guys have. In fact, the high-risk and highly effective DDoS toolkit is probably the most aggressive of the malware tools being employed by DDoS attackers at the moment, and the situation is set to get much worse very quickly as versions of Dirt Jumper are now appearing for sale at underground Web marketplaces for as little as $150 a time.

Prolexic Technologies, which specialises in Distributed Denial of Service (DDoS) mitigation services, has today issued an in-depth threat advisory for Dirt Jumper together with a custom-developed scanning tool that can be used to detect Dirt Jumper command and control servers. Neal Quinn, vice president of operations at Prolexic, warns that his company is "seeing this tool used against clients worldwide and it is likely to become more widespread and effective as distribution spreads."

The Prolexic Security Engineering and Response Team (PLXSERT) has certified the toolkit as a high-risk threat following extensive analysis of Dirt Jumper v3. The newest variant, Dirt Jumper September, which comes with an enhanced control panel making it even easier for attackers to use, has been painstakingly analysed and the threat advisory itself includes full details of the payload as well as a detailed breakdown of attack signatures by attack type.

Most interestingly though, PLXSERT has developed a custom tool to scan for suspected HTTP command and control servers utilizing Dirt Jumper strains. Dirt Dozer is being released as a free public service in order to enable any organisation to protect itself from this nasty little bit of malware and can be downloaded here.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Dirt Dozer is being released as a free public service in order to enable any organisation to protect itself from this nasty little bit of malware and can be downloaded here.

Nice article. Thanks for sharing! I will try it out (I'm a bit cautious) but it shouldn't crash my OS.
