Dirtjumper
Posted: September 25, 2012
| Field | Value |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 64 |
| First Seen | September 25, 2012 |
| OS(es) Affected | Windows |
Dirtjumper, also identified as RussKill, is a toolkit used to build malicious software and is widely available to any criminal with a spare two hundred dollars. The Trojans produced with a Dirtjumper toolkit are typically used to build botnets of infected PCs that launch Distributed Denial-of-Service (DDoS) attacks against specific websites, with the most recent attacks targeting banking institutions. SpywareRemove.com malware analysts particularly recommend that bank employees keep online security in mind, since the latest Dirtjumper attacks have served as cover for other attacks that compromise bank employee information and make fraudulent transactions. However, since Dirtjumper is a for-hire product, any PC is theoretically at risk of being infected by a Dirtjumper Trojan, which uses up the PC's resources without displaying any symptoms of its presence.
Dirtjumper and Why a Website Blacking Out is Everybody's Problem
Dirtjumper is built on an older PC threat (RussKill) and has seen numerous revisions and updates throughout its 2011-2012 lifespan, including a new variant, the Pandora bot. While Dirtjumper's development can be considered ongoing, it has always been used to build botnet Trojans that launch DDoS attacks. These attacks flood designated websites with illegitimate traffic and disable them temporarily, while the infected PCs may suffer from poor performance due to the intense resource usage these concealed traffic floods require.
Dirtjumper's history includes several notable attributes: its poor coding, which has led to counterattacks and significant knowledge acquisition by relevant PC security companies, and its tendency to target both anti-malware websites and financial institutions in its DDoS assaults. In the case of bank websites, the most recent Dirtjumper DDoS efforts have been found to be part of a two-pronged attack, as SpywareRemove.com malware researchers describe below:
- Initially, a bank employee's PC is compromised and infected with spyware. This spyware collects passwords and other information that could be used to access the bank's database.
- Once the information has been stolen, criminals launch a separate attack on the bank's website. This attack uses a botnet of other infected computers to bring down the site in a Dirtjumper-assisted DDoS attack. Typically, such website blackouts only prevail for a very short time.
- While bank employees are attempting to deal with the DDoS attack, the stolen information is used in a series of fraudulent transactions that pad the pockets of the Dirtjumper-using criminals.
How to Join Efforts in Bringing Dirtjumper to an End
Of course, SpywareRemove.com malware analysts can't recommend strongly enough that bank employees avoid clicking suspicious links, downloading unusual files or visiting untrustworthy sites on their work computers. However, regular PC users will also need to take appropriate precautions to prevent their own systems from being recruited into a Dirtjumper botnet. Since Dirtjumper Trojans don't display obvious symptoms, anti-malware products should be relied upon to detect Dirtjumper or delete Dirtjumper-based PC threats when required.
Aliases that Dirtjumper can be detected by include W32/SKILL.ASK!TR.BDR, BACKDOOR.WIN32.SKILL.DM, Trojan.AGENT.ARZW and TR/AGENT.ARZW.