New variants of Web attack tools found

New strains of infamous DDoS applications discovered by security experts
Written by Will Knight, Contributor

Computer security company Information Security Systems (ISS) has issued a warning about new variants of the tools used to launch distributed denial of service (DDoS) attacks on major Web sites in February.

Principal consultant with ISS security assessment services Gunter Ollmann says that, although these new variants were discovered only recently, reports about them being used in the wild have already come in. The alert -- issued by the ISS X-Force researchers -- concerns new versions of two hacking tools: Trinity and Stacheldraht.

These tools allow a user to bombard an Internet site with an avalanche of fake traffic from remotely operated "zombie" computers. They were used, along with a program called Tribal Flood Network, earlier this year to attack major Internet sites including Yahoo!, CNN, Amazon and eBay, rendering these sites inaccessible. This attack highlighted a major new threat to the visibility of commercial Internet sites with little obvious means of defence.

A new strain of Trinity has been discovered called "entitee" along with two new variants of Stacheldraht known as "Stacheldraht 1.666+antigl+yps" and "Stacheldraht 1.666+smurf+yps". The new variants come with some new command features designed to improved the effectiveness of attacks.

However, the discovery of these variants is not, says Ollmann, yet a cause for serious alarm, although security professionals need to be on their guard. "An awful lot of companies that provide security internally will rely on automated tools," he says. "[The alert] is just to say that there are things out there that are not yet on your scanners and give some advice on how to detect them."

The US government's Computer Emergency Response Team (CERT) recently issued its own warning about the number of computers that have recently been compromised and fitted with Stacheldraht and Tribal Flood Network.

Information is available from the ISS Web site concerning these new variants as well as both Stacheldraht and Trinity.

Take me to the Hackers News Special

What do you think? Tell the Mailroom. And read what others have said.

Editorial standards