As Prolexic explains in its advisory, the approach has several advantages over conventional botnet DDoS attacks, starting with technical simplicity. Even non-technical users can place them on hosted or compromised servers, building a bot from individual servers with up to 1,000 times the capacity of a single PC.
It is also cheaper and quicker; there is no need to use complex malware and bot command and control infrastructure to create armies of zombies.
Many scripts are now available on the hacking underground and even Pastebin and no cost including several leading contenders – Greenshell, nBot and DeLiRiUm’s DoS .ASP script – deconstructed some detail by Prolexic.
“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Prolexic COO, Neal Quinn.
“For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We’ve entered the age of DDoS-as-a-Service,” he said.
The company had even encountered one interface, Sexy Booter, that turns the shell boot loader concept into an automated service, said Quinn.
“Businesses have to be prepared for DDoS attacks of a nature they may never have seen before.”