In association with heise online

25 August 2011, 11:57

Botnet attacks pizza delivery service


The Miner botnet has reloaded: in addition to Bitcoin mining components, it now includes a module which attempts to take down specific web sites. Its main targets are German pizza delivery services and estate agency portals.

The botnet has it all. Firstly, rather than communicating via a central control server, it uses a distributed peer-to-peer network. Its initial primary purpose was to mine bitcoins, a virtual online currency. But Kaspersky security specialist Tillmann Werner has discovered that infected computers have recently downloaded a new file, ddhttp.exe. On close analysis, this file turns out to be a version of a bot used for HTTP flooding attacks, which are able to disable web servers by bombarding them with requests.

The program regularly obtains a list of victims from the botnet. Werner told The H's associates at heise Security that the attacks seem to be limited to 31 German and two Austrian web sites in specific industries. All of the targets are either estate agency portals or food industry sites, such as pizza delivery services.

Shortly thereafter, another distributed denial-of-service (DDoS) module was downloaded, this time for UDP flooding attacks. The list of targets is shorter, but no less interesting. It includes IP addresses belonging to companies which provide services for defending against DDoS attacks. This may be the botnet operator reacting to countermeasures by its targets with the aim of increasing the havoc wreaked.

In response to enquiries by Kaspersky, some of the companies on the list have confirmed that they have suffered DDoS attacks involving hundreds of thousands of attacking systems. One of the most prominent victims is During one attack, the company registered attacks from approximately 50,000 IP addresses generating 20,000 – 30,000 requests per second over the course of three hours.

The motive behind the attacks remains unclear. Fortunately, they appear to have ceased yesterday. The botnet is, however, still out there; peer-to-peer (P2P) networks are not easy to take down. The worst-case scenario is that the initial warning shot will be followed by more persistent attacks.
