Out-Law / Your Daily Need-To-Know

SecurityFocus, a Californian security intelligence company, has identified a new hybrid tool that combines distributed denial of service (DDoS) tools with the automated propagation techniques previously seen only in worms.

The company yesterday identified a rapidly growing network of controlled agents, or "bots", which increased 600% in the space of 6 hours and can be used to launch a DDoS attack. In such an attack, numerous exploited systems unwittingly flood a single target system with untraceable requests, ultimately disabling it and thereby denying service to its legitimate users.

According to SecurityFocus, the tool, named "Voyager Alpha Force," propagates through incorrectly configured Microsoft SQL Server systems by scanning for System Administrator accounts that have a password specified by the attacker.

The tool is human-controlled through Internet Relay Chat (IRC) communications, connecting to an IRC server and joining a password-protected channel. An attacker is effectively able to control a large number of agents residing on compromised hosts by issuing commands that initiate a DDoS attack or cause the program to continue propagating.

The emergence of this tool highlights previous warnings that DDoS activity is on the increase, and that the sophistication of DDoS technology is advancing at a fast pace.

SecurityFocus recommendations:

  • Verify that the System Administrator "sa" account does not have a blank password if running Microsoft SQL server; and
  • Use a firewall to block port 1433
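
One way to carry out the first recommendation on a current server, as an added example that is not part of the original article or of SecurityFocus's advisory. It assumes SQL Server 2008 or later (where `sys.sql_logins` and `PWDCOMPARE` are available) and a sysadmin session, and it goes slightly beyond the recommendation by also flagging logins whose password equals the login name and by listing which clients currently reach the instance over TCP.

```sql
-- Audit for the misconfiguration described above: a System Administrator
-- login that can be opened with a blank or trivially guessable password.
-- Assumption: SQL Server 2008+, run by a member of sysadmin.
SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,                       -- 0 = password policy not enforced
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END
        AS is_builtin_sa,                      -- sa keeps SID 0x01 even if renamed
    CASE WHEN PWDCOMPARE('', l.password_hash) = 1 THEN 1 ELSE 0 END
        AS blank_password,
    CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN 1 ELSE 0 END
        AS password_equals_name
FROM sys.sql_logins AS l
WHERE l.sid = 0x01                             -- always report the sa account
   OR PWDCOMPARE('', l.password_hash) = 1
   OR PWDCOMPARE(l.name, l.password_hash) = 1
ORDER BY is_builtin_sa DESC, l.name;

-- Cross-check the firewall recommendation: which remote addresses currently
-- hold TCP sessions to this instance, and on which local port (1433 by default).
-- Requires VIEW SERVER STATE. Only live connections appear here.
SELECT DISTINCT
    c.client_net_address,
    c.local_net_address,
    c.local_tcp_port
FROM sys.dm_exec_connections AS c
WHERE c.net_transport = 'TCP'
ORDER BY c.local_tcp_port, c.client_net_address;
```

Any row with `blank_password = 1` needs a password set immediately; client addresses outside the expected application hosts in the second result indicate that port 1433 is reachable from networks the firewall should be blocking.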
