Armageddon (DDoS Botnet) Started Integrating Apache Killer Exploit
The latest version of Denial of Service Bot (DDoS) named Armageddon integrates a relatively new exploit known as Apache Killer. Armageddon is a Russian malware family exclusively designed to launch DDoS attacks. Because it is sold as a toolkit on underground forums, there is more than one Armageddon-powered botnets on the Internet. Aside from the Apache Killer exploit, the latest Armageddon version also incorporates other application-layer DDoS techniques that target popular Internet forum platforms like vBulletin or phpBB, however these are not particularly ground-breaking.
The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted
"Range" HTTP header to trigger a denial-of-service condition. The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it. The vulnerability exploited by Apache Killer is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, a week after the exploit was publicly released. Apache 2.2.21 contains an improved fix.
Recommendation:- System administrators should upgrade their Apache servers to the latest available version or should implement known work arounds. "There is an update to the
Apache mod_security module that attempts to address this type of attack by filtering requests with 'Range' headers that are too large.
