You might not have heard about Dirt Jumper yet, but the bad guys have. In fact, the high-risk and highly effective DDoS toolkit is probably the most aggressive of the malware tools being employed by DDoS attackers at the moment, and the situation is set to get much worse very quickly as versions of Dirt Jumper are now appearing for sale at underground Web marketplaces for as little as $150 a time.
Prolexic Technologies, which specialises in Distributed Denial of Service (DDoS) mitigation services, has today issued an in-depth threat advisory for Dirt Jumper together with a custom-developed scanning tool that can be used to detect Dirt Jumper command and control servers. Neal Quinn, vice president of operations at Prolexic, warns that his company is "seeing this tool used against clients worldwide and it is likely to become more widespread and effective as distribution spreads."
The Prolexic Security Engineering and Response Team (PLXSERT) has certified the toolkit as a high-risk threat following extensive analysis of Dirt Jumper v3. The newest variant, Dirt Jumper September, which comes with an enhanced control panel making it even easier for attackers to use, has been painstakingly analysed, and the threat advisory itself includes full details of the payload as well as a detailed breakdown of attack signatures by attack type.
Most interestingly though, PLXSERT has developed a custom tool to scan for suspected HTTP command and control servers utilizing Dirt Jumper strains. Dirt Dozer is being released as a free public service in order to enable any organisation to protect itself from this nasty little bit of malware and can be downloaded here.