When Google Maps Attack!

Akamai is reporting that the reflection attack method has been used in conjunction with Joomla servers running a vulnerable Google Maps plugin. Akamai warns that, after a whole bunch of vulnerability disclosure across 2014, the Joomla content management framework is still being actively targeted by those with malicious intent. In conjunction with the PhishLabs Research, Analysis, and Intelligence Division (R.A.I.D), PLXsert observed traffic signatures from Joomla distributions with a vulnerable Google Maps plugin being used as a launch platform for DDoS attacks. These traffic signatures were a match for known DDoS for hire outfits, and the attack itself appeared to be using specific tools (DAVOSET and UFONet) to manipulate XML and Open Redirect functions to produce the reflected/amplified response.