"I can put a thousand bots ..."
Today we published a report on DDoS attacks in the second half of 2011, where you can learn about global events such as DDoS attacks on stock exchanges and the emergence of the Anonymous group, as well as new attack techniques, and, of course, statistics on the world.
Distribution of DDoS traffic sources by countries. Second half of 2011
• In the second half of 2011, the maximum power of attacks reflected by Kaspersky DDoS Prevention increased by 20% compared to the first half of the year and amounted to 600 Mbit / s or 1,100,000 packets / second (UDP flood in 64-byte short packets).
• The average power of the reflected Kaspersky DDoS Prevention attacks in the second half of 2011 increased by 57% and amounted to 110 Mbit / s.
• The longest DDoS attack recorded in the second half of the year lasted 80 days 19 hours 13 minutes 05 seconds and was aimed at a travel site.
• The average duration of DDoS attacks was 9 hours and 29 minutes.
• Most DDoS attacks during the second half of the year - 384 - were targeted at the site of one of the cybercriminal portals.
• DDoS attacks were carried out from computers located in 201 countries of the world.
')
Only for Habrahabr readers we decided to give a small bonus: part of the correspondence of two or several people who simultaneously administer the command server of one of the DDoS botnets that we have under surveillance. Apparently, the botnet was managed via a Jabber server, which was also used for correspondence. Thus, we recorded not only commands for DDoS attacks, but also informative messages from administrators.
[2011.05.29 15:42:22 MSD] I can put a thousand bots, if necessary
[2011.05.29 16:53:28 MSD] let's see what happens
[2011.05.29 18:05:12 MSD] who will?) Me? .. if I don’t need ^) ^)
[2011.05.29 20:13:37 MSD] So where are the bots?
[2011.05.29 22:08:54 MSD] tomorrow, today everyone drinks, including myself.
[2011.05.29 22:55:30 MSD] I'll be waiting ...
[2011.05.30 00:01:27 MSD] ICQ is there?
[2011.05.30 00:05:30 MSD] yes, 12 asek - where I am and more than 15 thousand, which I distribute :)
[2011.05.30 01:05:11 MSD] damn, I need to encrypt my ekse ((without this, the virus does not normally distribute.
[2011.05.30 13:22:29 MSD] 6291 ** 74, knock in the evening) oke, why did you choose such a crap host?
[2011.05.30 15:38:08 MSD] did not understand about the host? is your host bad or what?)
[2011.05.30 17:05:24 MSD] why mine? I just fumbled the server and fumbled over it)) and host x *** I
[2011.05.30 17:27:59 MSD] which server? you confused me ((vodportal chtoli?
[2011.05.30 17:27:59 MSD] If yes ... then they just insolently became arrogant ... conceived chtoli)
[2011.05.30 17:40:15 MSD] there is no hosting server, and fumbled over it to find a tasty one, a campaign
[2011.05.30 23:42:28 MSD] did not understand anything ((You confused me ((
[2011.05.30 23:43:29 MSD] If about the attack in different places from one bespantogo site, which as hosting too ... then it was for the sake of science.
[2011.05.30 23:49:48 MSD] did not understand anything ((You confused me ((icq: 6291 ** 74 (if you lost)
[2011.05.31 08:47:32 MSD] write 5260 ** 565
[2011.05.31 21:21:21 MSD] bots have dropped online (I’ve removed sites, so ... I’ll be keeping up the last day for 3 dosss
[2011.05.31 21:37:31 MSD] leave only this one, for crap should not work)
[2011.05.31 22:11:07 MSD] OK! I for a minute
[2011.05.31 22:50:29 MSD] in 10 minutes I will turn on yours, we must urgently put this
[2011.06.01 11:19:12 MSD] how long should this site sleep?
[2011.06.01 11:41:26 MSD] to apa yasha (Editor's note: to apa yasha = before updating Yandex)
[2011.06.01 13:54:31 MSD] until apa yasha ... uhhh) long, long time)) ok
[2011.06.01 14:15:51 MSD] today but one more is needed to finish off enough))
[2011.06.01 14:19:56 MSD] 1 more? still 1 day in a dream to hold?
[2011.06.01 16:09:51 MSD] for a minute
[2011.06.01 20:30:39 MSD] until you have to keep him here (
[2011.06.01 21:54:38 MSD] the hosting itself has probably already been kicked out ... I checked, I shot ddos and it did not get up))
[2011.06.02 01:47:04 MSD] the hosting itself has probably already been kicked out ... I checked, I shot the ddos and it didn’t get up)) I WILL TAKE 10-20 THOUSAND BOTS TOMORROW. VERY EXPENSIVE, BUT IT IS NECESSARY) BUT ALL WILL SAVE :))
[2011.06.02 21:59:17 MSD] Yandex issue 01.06.2011 (yesterday)
[2011.06.23 13:05:41 MSD] enough websites already ... which I prescribe to remove.
[2011.06.23 13:06:43 MSD] I only added 1 site and I don’t know his address now (thanks.
[2011.06.26 19:11:26 MSD] never remove the ip attack - they are fooling people here
[2011.07.01 12:04:41 MSD] never in my life attack attack ... find it.
[2011.07.08 09:41:57 MSD] I sell this botnet for 200vmz, do I need?
[2011.07.09 22:03:44 MSD] in a week I turn off this botnet !!!
[2011.07.09 22:03:47 MSD] I'm selling it! Do you need him?
[2011.07.10 13:39:26 MSD] price
Link to the full report on DDoS attacks in the second half of 2011 >>
Distribution of DDoS traffic sources by countries. Second half of 2011
For those interested - the most delicious figures of the past six months:
• In the second half of 2011, the maximum power of attacks reflected by Kaspersky DDoS Prevention increased by 20% compared to the first half of the year and amounted to 600 Mbit / s or 1,100,000 packets / second (UDP flood in 64-byte short packets).
• The average power of the reflected Kaspersky DDoS Prevention attacks in the second half of 2011 increased by 57% and amounted to 110 Mbit / s.
• The longest DDoS attack recorded in the second half of the year lasted 80 days 19 hours 13 minutes 05 seconds and was aimed at a travel site.
• The average duration of DDoS attacks was 9 hours and 29 minutes.
• Most DDoS attacks during the second half of the year - 384 - were targeted at the site of one of the cybercriminal portals.
• DDoS attacks were carried out from computers located in 201 countries of the world.
')
Specially for Habrahabr - bonus:
Only for Habrahabr readers we decided to give a small bonus: part of the correspondence of two or several people who simultaneously administer the command server of one of the DDoS botnets that we have under surveillance. Apparently, the botnet was managed via a Jabber server, which was also used for correspondence. Thus, we recorded not only commands for DDoS attacks, but also informative messages from administrators.
[2011.05.29 15:42:22 MSD] I can put a thousand bots, if necessary
[2011.05.29 16:53:28 MSD] let's see what happens
[2011.05.29 18:05:12 MSD] who will?) Me? .. if I don’t need ^) ^)
[2011.05.29 20:13:37 MSD] So where are the bots?
[2011.05.29 22:08:54 MSD] tomorrow, today everyone drinks, including myself.
[2011.05.29 22:55:30 MSD] I'll be waiting ...
[2011.05.30 00:01:27 MSD] ICQ is there?
[2011.05.30 00:05:30 MSD] yes, 12 asek - where I am and more than 15 thousand, which I distribute :)
[2011.05.30 01:05:11 MSD] damn, I need to encrypt my ekse ((without this, the virus does not normally distribute.
[2011.05.30 13:22:29 MSD] 6291 ** 74, knock in the evening) oke, why did you choose such a crap host?
[2011.05.30 15:38:08 MSD] did not understand about the host? is your host bad or what?)
[2011.05.30 17:05:24 MSD] why mine? I just fumbled the server and fumbled over it)) and host x *** I
[2011.05.30 17:27:59 MSD] which server? you confused me ((vodportal chtoli?
[2011.05.30 17:27:59 MSD] If yes ... then they just insolently became arrogant ... conceived chtoli)
[2011.05.30 17:40:15 MSD] there is no hosting server, and fumbled over it to find a tasty one, a campaign
[2011.05.30 23:42:28 MSD] did not understand anything ((You confused me ((
[2011.05.30 23:43:29 MSD] If about the attack in different places from one bespantogo site, which as hosting too ... then it was for the sake of science.
[2011.05.30 23:49:48 MSD] did not understand anything ((You confused me ((icq: 6291 ** 74 (if you lost)
[2011.05.31 08:47:32 MSD] write 5260 ** 565
[2011.05.31 21:21:21 MSD] bots have dropped online (I’ve removed sites, so ... I’ll be keeping up the last day for 3 dosss
[2011.05.31 21:37:31 MSD] leave only this one, for crap should not work)
[2011.05.31 22:11:07 MSD] OK! I for a minute
[2011.05.31 22:50:29 MSD] in 10 minutes I will turn on yours, we must urgently put this
[2011.06.01 11:19:12 MSD] how long should this site sleep?
[2011.06.01 11:41:26 MSD] to apa yasha (Editor's note: to apa yasha = before updating Yandex)
[2011.06.01 13:54:31 MSD] until apa yasha ... uhhh) long, long time)) ok
[2011.06.01 14:15:51 MSD] today but one more is needed to finish off enough))
[2011.06.01 14:19:56 MSD] 1 more? still 1 day in a dream to hold?
[2011.06.01 16:09:51 MSD] for a minute
[2011.06.01 20:30:39 MSD] until you have to keep him here (
[2011.06.01 21:54:38 MSD] the hosting itself has probably already been kicked out ... I checked, I shot ddos and it did not get up))
[2011.06.02 01:47:04 MSD] the hosting itself has probably already been kicked out ... I checked, I shot the ddos and it didn’t get up)) I WILL TAKE 10-20 THOUSAND BOTS TOMORROW. VERY EXPENSIVE, BUT IT IS NECESSARY) BUT ALL WILL SAVE :))
[2011.06.02 21:59:17 MSD] Yandex issue 01.06.2011 (yesterday)
[2011.06.23 13:05:41 MSD] enough websites already ... which I prescribe to remove.
[2011.06.23 13:06:43 MSD] I only added 1 site and I don’t know his address now (thanks.
[2011.06.26 19:11:26 MSD] never remove the ip attack - they are fooling people here
[2011.07.01 12:04:41 MSD] never in my life attack attack ... find it.
[2011.07.08 09:41:57 MSD] I sell this botnet for 200vmz, do I need?
[2011.07.09 22:03:44 MSD] in a week I turn off this botnet !!!
[2011.07.09 22:03:47 MSD] I'm selling it! Do you need him?
[2011.07.10 13:39:26 MSD] price
Link to the full report on DDoS attacks in the second half of 2011 >>
Source: https://habr.com/ru/post/138702/
All Articles