Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. The script includes a simple GUI to which the attacker can return at a later date to enter the IP, port and duration for the attack that is to be launched.
But why servers in the first place? Botnets are built from PCs and rarely involve servers.
According to Imperva's CTO, Amichai Shulman, servers have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.