
Distributed denial of service tool spreading rapidly

OUT-LAW News, 22/11/2001

SecurityFocus, a Californian security intelligence company, has identified a new hybrid tool that combines distributed denial of service (DDoS) tools with the automated propagation techniques previously seen only in worms.

The company yesterday identified a rapidly growing network of controlled agents, or "bots", which increased 600% in the space of 6 hours and which can be used to launch a DDoS attack. In such an attack, numerous systems are exploited to unwittingly attack a single target system with a flood of untraceable requests, which ultimately disable the target system and thereby deny service to its legitimate users.

According to SecurityFocus, the tool, named "Voyager Alpha Force," is propagated through incorrectly configured Microsoft SQL Server systems by scanning for System Administrator accounts that have a password specified by the attacker.

The tool is human-controlled through Internet Relay Chat (IRC) communications: it connects to an IRC server and joins a password-protected channel. An attacker is effectively able to control a large number of agents residing on compromised hosts by issuing commands that initiate a DDoS attack or cause the program to continue propagating.

The emergence of this tool highlights previous warnings that DDoS activity is on the increase, and that the sophistication of DDoS technology is advancing at a fast pace.

SecurityFocus recommendations:

  • Verify that the System Administrator "sa" account does not have a blank password if running Microsoft SQL Server; and
  • Use a firewall to block port 1433
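
Because the tool spreads by scanning for SQL Server systems, an infected internal host shows up in firewall logs as one source contacting many different destinations on TCP port 1433. The following is an added example, not code from SecurityFocus or OUT-LAW, that flags such hosts; the log format, the threshold and the time window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MSSQL_PORT = 1433              # port named in the recommendations above
FANOUT_THRESHOLD = 4           # assumed: distinct destinations that count as scanning
WINDOW = timedelta(minutes=1)  # assumed sliding window

# Constructed sample log, format "timestamp action proto src dst dport" (assumed).
SAMPLE_LOG = """\
2001-11-22T10:00:00 ALLOW TCP 10.0.0.8 10.0.0.20 1433
2001-11-22T10:00:30 ALLOW TCP 10.0.0.8 10.0.0.20 1433
2001-11-22T10:00:05 DENY TCP 10.0.0.66 198.51.100.1 1433
2001-11-22T10:00:10 DENY TCP 10.0.0.66 198.51.100.2 1433
2001-11-22T10:00:15 DENY TCP 10.0.0.66 198.51.100.3 1433
2001-11-22T10:00:20 DENY TCP 10.0.0.66 198.51.100.4 1433
2001-11-22T10:00:25 DENY TCP 10.0.0.66 198.51.100.5 1433
2001-11-22T10:00:00 ALLOW TCP 10.0.0.9 203.0.113.1 1433
2001-11-22T10:02:00 ALLOW TCP 10.0.0.9 203.0.113.2 1433
2001-11-22T10:04:00 ALLOW TCP 10.0.0.9 203.0.113.3 1433
2001-11-22T10:06:00 ALLOW TCP 10.0.0.9 203.0.113.4 1433
this line is malformed and is skipped
"""

def find_mssql_scanners(log_text, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Map each source to its peak count of distinct TCP/1433 destinations
    inside any single window, keeping only sources at or above threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, _action, proto, src, dst, dport = line.split()
            hit = (datetime.fromisoformat(ts), dst)
            port = int(dport)
        except ValueError:
            continue  # blank or malformed line
        if proto == "TCP" and port == MSSQL_PORT:
            events[src].append(hit)  # blocked attempts count too
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in hits[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_mssql_scanners(SAMPLE_LOG))
```

The application server that talks repeatedly to a single database host and the host that reaches four servers over several minutes stay below the threshold; only the rapid fan-out is reported.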

 

 

Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.