Dirt Jumper: A New and Fast Evolving Botnet-for-DDoS

In July 2011, a fairly new and rather aggressive strain of botnet-for-DDoS malware, named Dirt Jumper, was identified by Arbor Networks. Since then, numerous DDoS attacks involving this strain of malware have been reported. In this paper, we first give a general overview of Dirt Jumper's history, structure and operation as documented on the Internet. Subsequently, we present the results of our own analysis of Dirt Jumper, conducted using the GFI Sandbox environment. We also provide an overview of the Pandora DDoS toolkit, the latest offspring of the Dirt Jumper family, which appeared on the black botnet market in early 2012. We conclude the paper by outlining some areas of continuing and future work.