Malware As A Video Game: “Voluntary Botnets” Being Used In Pro-WikiLeaks DDoS Attacks

Hadn’t really posted anything here yet about the ongoing WikiLeaks saga, but like seemingly every other network security commentator in the world, I was tapped this morning for commentary on the DDoS (direct denial-of-service) attacks being launched by hacktivists in support of WikiLeaks. (And thanks for thinking of me, KCBS!)

While these types of attacks can be hard to defend against, it seems to me that many of the targets (e.g., Amazon, PayPal) are already fairly well geared-up to protect against that indirect denial-of-service attack known as the holiday shopping season.

And indeed, various outlets are reporting today that the so-called Operation Payback attacks haven’t had a huge effect on large targets like Amazon. (See, for example, the Guardian’s article, “Operation Payback fails to take down Amazon in WikiLeaks revenge attack.”)

Of course, less robust operations that have also been targeted (such as the website for Sarah Palin’s official political action committee, which seems to have gone all 404) are being affected.

None of this is really a surprise. One thing that I do find interesting is the use of so-called “voluntary botnets” as well as “traditional” botnets to carry out these attacks. This article at DigitalTrends (see “WikiLeaks supporters using volunteer and zombie botnets”) has a good description of what’s going on.

That article includes a screenshot (I clipped a bit of it here to illustrate this post) of a tool called “Low Orbit Ion Cannon” that has apparently been used in the attacks. From the looks of it, this program aims to make participating in DDoS attacks into something like playing a massively multiplayer video game.

Pretty interesting social engineering, no? Reminds me a bit of phishing campaigns we saw last year that attempted to recruit people into voluntarily installing malware to launch DDoS campaigns against websites associated with President Obama.

As I said then, regardless of one’s political leanings (or need to indulge adolescent power fantasies), voluntarily installing software like this is likely an extremely bad idea… Not just because launching such attacks is illegal, but because the software itself is likely a gateway for many other types of malware.

Keith Crosley directs corporate communications for Proofpoint. Keith’s job entails the promotion of Proofpoint e-mail security solutions to press, analysts and the enterprise e-mail security market at large. His blog covers a wide variety of e-mail security topics including anti-spam, phishing, identity theft, data breaches and the policy, culture and technology issues that surround e-mail. Previous positions have included director, corporate communications at Elance, senior director, worldwide public relations at BroadVision and director of marketing at WiredPlanet.com. As a key spokesperson for Proofpoint and e-mail security evangelist/researcher, he takes part in television and radio appearances. Avocationally and semi-professionally, he is a filmmaker, musician and all-round multimedia enthusiast.