According to Nazario, the bot's capabilities include performing distributed denial of service (DDoS) attacks, as well as HTTP, SYN and UDP floods, plus Slowloris attacks.
The Skunx botnet is also capable, the security analyst noted, of detecting some analytical tools, including Commview, TCPView, and Wireshark, as well as various computer platforms.
"We have not seen source or the control panel of the bot. The author appears to like the 'JoinVPS' service, however", said Nazario, adding that the host names used suggest a single attacker.
"We have not seen the kit openly available for sale or review. C&C [server] communications use an obfuscated ASCII protocol that is not unlike a basic IRC method. We worked with the registrar to shut down the domain name used by the attacker", he noted in his security blog.
Nazario goes on to say that inspection of the captured bots shows a handful of user-agents and HTTP headers that appear distinctive, allowing Arbor Networks to selectively detect the botnet's traffic.
"The author appears to have imported Slowloris' attack methods without any modification", he said, adding that his team has also been sinkholing the botnet.
"Inspection shows hundreds of bots checking in from around the world, with most in the US", he concluded.