Recently discovered malware circulating online gives miscreants a small arsenal of denial-of-service attack tools, including a relatively new one that allows a single PC to take down an Apache webserver, a researcher said.

MP-DDoser, as documented in a blog post by Arbor Networks researcher Jeff Edwards, implements an exploit known as "Apache Killer," which first came to light last August. Researchers said then that it worked by sending Apache servers multiple GET requests containing overlapping byte ranges, consuming all memory on a target system. The Arbor post suggested the technique worked against other webserver applications.
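
From the defender's side, the overlapping-range request described above can be spotted before the server does the work. The sketch below is an added example, not code from Arbor or from Apache: it resolves a `Range` header against a known entity size and flags requests whose ranges overlap and add up to more bytes than the entity holds. The `MAX_RANGES` threshold, the function names and the sample headers are assumptions made for illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold for this example, not from the article
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header, size):
    """Resolve a Range header value to absolute (first, last) byte pairs."""
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes" or size <= 0:
        return []
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not any(m.groups()):
            continue  # malformed spec or bare "-"
        first, last = m.groups()
        if first == "":  # suffix form "-N": the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:  # drops inverted and out-of-entity ranges
            out.append((start, end))
    return out

def assess(header, size, max_ranges=MAX_RANGES):
    """Score one request: range count, overlap, and bytes requested vs. entity size."""
    ranges = parse_ranges(header, size)
    requested = sum(e - s + 1 for s, e in ranges)
    covered, cur_end = 0, -1
    for s, e in sorted(ranges):  # merge to count distinct bytes covered
        if e > cur_end:
            covered += e - max(s, cur_end + 1) + 1
            cur_end = e
    overlapping = requested > covered
    return {
        "ranges": len(ranges),
        "overlapping": overlapping,
        "amplification": requested / size if size > 0 else 0.0,
        "suspicious": len(ranges) > max_ranges or (overlapping and requested > size),
    }

# Constructed sample inputs (not captured traffic), entity size 1000 bytes.
SAMPLES = {
    "resume": "bytes=500-",
    "two_parts": "bytes=0-99,900-999",
    "overlap_flood": "bytes=" + ",".join(f"0-{n}" for n in range(900, 1000)),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, assess(hdr, 1000))
```

The `amplification` figure is the ratio of bytes the ranges ask for to the entity size, which is the asymmetry the quote below describes.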

"The core of the attack involves the sending of a very long-range HTTP header that is intended to bring webservers (especially Apache) to their knees by forcing them to do a great deal of server-side work in response to a comparatively small request," Edwards wrote. "It is therefore one of the more effective low-bandwidth, 'asymmetrical' HTTP attacks at the moment."

MP-DDoser, aka IP-Killer, also contains other denial-of-service exploits, including one that closely resembles "Slowloris," another attack that allows a single PC to bring large websites to their knees. Apache Killer has also been incorporated into another DoS bot known as Armageddon.

In addition to its high-functioning DoS tools, MP-DDoser is also notable for multiple layers of encryption used to secure communications with command-and-control servers.

"All in all, MP-DDoser uses some of the better key management we have seen," Edwards wrote. "But of course, at the end of the day, every bot has to contain—or be able to generate—its own key string in order to communicate with its C&C, so no matter how many layers of encryption our adversary piles on, they can always be peeled off one by one."