Thursday 8 March 2012

DDoS botnet clients start integrating the Apache Killer exploit


The latest version of a DDoS (distributed denial-of-service) bot called Armageddon integrates a relatively new exploit known as Apache Killer. The Apache Killer exploit was released in August 2011. It exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition. The attack is particularly dangerous because it can be successfully executed from a single computer and the entire targeted machine needs to be rebooted in order to recover from it.

The Kill Apache attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges. This can cause a surprisingly heavy load on the target server.

The vulnerability exploited by Apache Killer is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, a week after the exploit was publicly released. Apache 2.2.21 contains an improved fix. This is the first time Arbor researchers have seen this exploit being integrated into a DDoS botnet client that's actively being used by attackers.
