This information runs over the unencrypted HTTP protocol to the C&C server, which means it can be easily intercepted.
When the user starts the attack, this registration runs in the background without their knowledge. The first thing this program does is register the user, including personal information like location (derived from the IP address) and username. We have seen about 900 of our users in Ukraine installing this program in order to conduct DDoS attacks on Russian websites. Since the configuration is downloaded from a remote server, the tool can also support a DDoS attack on any target the server operator/tool author picks without you knowing. For example, take the disBalancer program that was even picked up by major media. The analysis of one of these tools shows that it isn’t secure, as it collects personal data that can make users identifiable, such as your IP address, country code, city, location derived from IP address, user name, hardware configuration and system language. We have identified initiatives being shared through social media that encourage regular people to become hackers, by downloading DDoS tools to support DDoS attacks on Russian targets. But these tools are not safe, say Avast Threat Labs researchers.
"Simple tools" allow regular people to participate in DDoS attacks in aid of Ukraine.