The Akamai Prolexic Security Engineering & Response Team (PLXsert) has discovered a new tool attackers could use to target Microsoft Windows. The PLXsert advisory describes it this way:
The Storm kit is capable of infecting Windows XP (and higher) machines for malicious uses, including execution of DDoS attacks. Once a PC is infected, the Storm Network Stress Tester crimeware kit establishes remote administration (RAT) capabilities on the infected machine, enabling file uploads and downloads and the launching of executables, including four DDoS attack vectors.
A single PC infected by the new Storm crimeware kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. As a result, orchestrated botnet attacks pose a significant DDoS threat. In addition, the RAT capability enables a variety of malicious activity, including the infection of other devices.
The RAT capabilities provide criminals with an all-purpose crimeware platform that can be used for a variety of malicious activity, including the infection of other devices, the advisory says.
"Remote administration lets malicious actors take over a PC from a distance, even from another continent," said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. "In the last year, we've seen a growing volume of cyber-attacks coming from Asia. The Storm kit seems to have been custom-designed to infect and control vulnerable Windows XP machines in China."
One PC infected by the kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. The kit comes pre-programmed to launch four types of DDoS attacks at once, increasing the potential attack volume.
A free download of the full advisory is available here.
Akamai PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through digital forensics and post‐attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers and the security community.
By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.