Current Event: Xbox Live DDoS Attacks Become Popular
Xbox Live DDoS Attacks Become Popular
Cheating in online multiplayer games has always been an issue. Each genre of game has been plagued with a certain type of hack: Map discovery hacks for RTS games, Aiming hacks in FPS’s, and hacks to force opponents to leave ranked games. Now, DDoS attacks are being used by some Xbox Live users to kick their opponents from games.
The article “Hackers Use DIY Botnets To DDoS Xbox Gamers” focuses on ready made Botnet solutions which make it easy for a script-kiddie to set up his own botnet. The programs discussed were BioZombie and HostBooter, and both come with a couple bots but require the user to add more. These bots can be added willingly (via friends), or the aspiring botnet emperor can trick others into running an executable. Many places advertise botnet creation services, or zombies for a fee ($2 per bot was a price referenced in the article). Of course, anyone who successfully spreads their botnet would “find themselves a drone for the original creator.” This seems like an excellent case of social engineering to spread a botnet.
The new popularity of this kind of exploit is directly caused by the gaming subculture’s lust for vengeance and carelessness in cheating, but an interesting new use of DDoS attacks. Unfortunately for Xbox Live users, no fix is on the horizon. If games were all hosted by a central server and there was no peer to peer communication, then a DDoS attack would not be possible because the attacker would not be able to find out the other gamers’s IP addresses. To stop this exploit from booting gamers, the Xbox game creators will need to change the way games are hosted, although this will mean that they must pay for more hosting. Positive reactions to this kind of cheat would be to complain to Microsoft about the need to consider the security of online gaming protocols. If nothing is done, every automated online competitive ladder could be cheated. Fortunately, this malicious activity would be possible to be tracked and a list of malicious users could be banned. I remember when Blizzard banned a large number of IP addresses and game serial numbers for maphacking in Warcraft 3. Hopefully Microsoft and other game developers will take a proactive role as well, or else many people will become frustrated with their online gaming experience.
link:
http://blog.spywareguide.com/2009/02/hackers-use-diy-botnets-to-ddo.html
Comment by Online Computer Help
February 6, 2009 @ 8:04 am
I can remember this going as far back as the starcraft days when they knocked players out of ranked games.
Interesting article, had no idea about this one.