NEWSubscribe to Receive Free E-mail UpdatesSubscribe

#RefRef – The new DDos Tool By Anonymous

Anonymous is all set to launch its new operation of hacking and defacing the top websites with a new DDoS tool . The tool is considered as the successor of their previous DDos tool called LOIC.

The tool is said to be out for download only in the late of September. The tool is said to be platform independent and leverages Javascript and vulnerabilities within SQL .

According to Developer "RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iphone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, its all a local connection."

The tool is very effective, a 17-seconds attack from a single machine resulting in a 42-minute outage on Pastebin yesterday. As expected, the Pastebin admins weren't very happy with their platform being used for such tests and tweeted "Please do not test your software on us again."

The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources. However, the tool's GUI does have a field for inputting the refresh interval so it might combine traditional forms of HTTP hammering with the new technique.
Some security experts have been skeptical that the success of Anonymous's DDoS attacks can be explained through LOIC alone. They proposed that some of the group's supporters also have access to botnets, a theory that has partially proven to be correct.

Article Posted by : Abhinav Singh { Security / Hacking Section}

Stay tuned with us at Facebook & Twitter and Subscribe Email to get updates on latest Tech Updates.

Post a Comment