The Drive Malware is a version of the DirtJumper malware and has caught the attention of PC security analysts because the Drive includes a component that allows criminals to carry out devastating Distributed Denial of Service (DDoS) attacks. These attacks flood a targeted Web server with requests so that its Web pages become unavailable. The Drive has been used against all kinds of targets, from private individuals to high-profile DDoS attacks against government or banking websites.
The Relationship Between the Drive and the DirtJumper Malware Family
The DirtJumper family has been around for several years and has been responsible for various high-profile malware attacks that received widespread attention. This malware family has been regularly updated since its first appearance several years ago. One of the latest updates, released in 2013, is known as the Drive and contains various features that have drawn the scrutiny of PC security researchers.
The Drive is written in Delphi. Compared to earlier variants in the DirtJumper family of malware, the Drive contains a significantly more powerful DDoS engine. There are other features in the Drive to be worried about apart from its more powerful DDoS engine. The Drive is supported by several Command and Control servers, some of which have already been detected by PC security researchers. The Drive supports several DDoS techniques and includes at least two POST floods, two connection-and-data floods, a GET flood and a UDP flood. The Drive can also overload login and search pages with random data in order to make the DDoS attack more effective against Web pages containing a login form or a search box. Apart from this, the Drive uses an advanced string encryption algorithm that makes its attacks more difficult to detect and deflect.
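As an added example (not from the original article or from any analysis of the Drive itself), the following Python detector walks constructed Web-server log lines and flags clients that hammer a login or search endpoint with ever-changing input, which is the traffic pattern the login/search flood described above would leave behind; the log format, the watched paths and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified access-log format:
#   client_ip "METHOD /path?query HTTP/1.1" status
# One client hammers /search with a fresh random term per request,
# one hammers /login with POSTs, and two normal clients browse.
SAMPLE_LOG = """\
203.0.113.5 "GET /search?q=kq8z3xv HTTP/1.1" 200
203.0.113.5 "GET /search?q=p0w2mna HTTP/1.1" 200
203.0.113.5 "GET /search?q=zzq19ab HTTP/1.1" 200
203.0.113.5 "GET /search?q=m3v8lpd HTTP/1.1" 200
198.51.100.9 "POST /login HTTP/1.1" 401
198.51.100.9 "POST /login HTTP/1.1" 401
198.51.100.9 "POST /login HTTP/1.1" 401
198.51.100.9 "POST /login HTTP/1.1" 401
192.0.2.20 "GET /search?q=shoes HTTP/1.1" 200
192.0.2.20 "GET /product/42 HTTP/1.1" 200
192.0.2.21 "POST /login HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) "(\w+) (\S+) HTTP/[\d.]+" (\d{3})$')
WATCHED = ("/login", "/search")  # hypothetical form endpoints to watch


def parse(line):
    """Return (ip, method, path, query), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, target, _status = m.groups()
    path, _, query = target.partition("?")
    return ip, method, path, query


def flag_floods(log_text, threshold=4, min_unique_ratio=0.8):
    """Flag (ip, path) pairs hitting a watched endpoint >= threshold times.
    GET query strings must also be nearly all distinct (random-looking
    input); POST bodies are not logged, so the count alone decides."""
    hits = defaultdict(list)  # (ip, path) -> query strings (None for POST)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[2] in WATCHED:
            ip, method, path, query = rec
            hits[(ip, path)].append(query if method == "GET" else None)
    flagged = []
    for (ip, path), queries in hits.items():
        gets = [q for q in queries if q is not None]
        unique_ratio = len(set(gets)) / len(gets) if gets else 1.0
        if len(queries) >= threshold and unique_ratio >= min_unique_ratio:
            flagged.append({"ip": ip, "path": path, "count": len(queries)})
    return sorted(flagged, key=lambda r: r["ip"])
```

A repeat visitor who searches the same term many times is not flagged, because the distinct-query ratio stays low; only the combination of volume and random-looking input on a form endpoint trips the rule.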
Tracking the Rise of Drive
The Drive is still far from becoming a widespread problem. Even among computer criminals, the Drive is not yet widely available for use, and only a handful of unique Command and Control host names have been detected by PC security researchers. However, it is worrying that attacks involving the Drive have demonstrated more power than those of previous DirtJumper variants. The Drive has been used in DDoS attacks against an online retailer, a search engine, a computer security news website and several banks.