Anonymous supporters are building a new denial of service (DoS) tool that can exploit SQL vulnerabilities.
The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on one test platform.
RefRef, as the tool is called, is effective because it exploits a vulnerability in a widespread SQL service. The flaw is out there, but not widely patched yet.
The tool’s creators don’t expect their attacks to work on a high-profile target more than a couple of times before the target figures it out and blocks them, but they do not expect companies to rush to patch the flaw, and that leaves room for a few attacks.
This means there are a lot of possible targets out there that will suffer a hit at least once.
“This tool only makes you vulnerable if you don’t keep your systems patched, perform the basic security, which is how Sony got caught with its pants down,” RefRef developers said.
The tool works by turning servers against themselves. It sends malformed SQL queries carrying the payload, which in turn forces the servers to exhaust their own resources. However, the tool’s GUI does have a field for inputting the refresh interval, so it might combine traditional forms of HTTP hammering with the new technique.
Anonymous currently uses a tool called Low Orbit Ion Cannon (LOIC) in their DDoS campaigns. Supporters voluntarily run this tool on their machines, where it can refresh a target page continuously or become part of a botnet, a feature known as the hivemind.
Security experts remain skeptical that the success of Anonymous’s DDoS attacks comes from LOIC alone. They feel some of the group’s supporters also have access to botnets.