[XPerties]

SecurityFocus has identified a new hybrid tool that combines distributed denial of service (DDoS) tools, with the automated propagation techniques previously seen only in worms.

On November 20th, at approximately 4 AM PST, SecurityFocus ARIS™ Incident Analysts identified a rapidly growing network of controlled agents or "bots", increasing 600% in the last 6 hours, which can be used to launch a DDoS attack. The tool is propagated through incorrectly configured Microsoft™ SQL server systems by scanning the System Administrator accounts that contain a password specified by the attacker.

SecurityFocus recommendations: Verify that the System Administrator "sa" account does not have a blank password if running Microsoft SQL server
Use a firewall to block port 1433

The tool named "Voyager Alpha Force," a modified and enhanced version of the DDoS tool, Kaiten, is human controlled through Internet Relay Chat (IRC) communications by connecting to an IRC server and joining a password-protected channel. An attacker is effectively able to control a large number of agents residing on compromised hosts, by issuing commands that would initiate a DDoS attack or cause the program to continue propagating.


[b:462796d514]Source: security focus[/b:462796d514]


-XPerties

[Micropocalypse]

cool