FritzFrog Botnet Uses Proprietary P2P Protocol
A newly discovered sophisticated peer-to-peer botnet targeting SSH servers is using a proprietary protocol, Guardicore Labs security researchers explain.
What makes the threat unique compared to other P2P botnets is a fileless infection, constantly updated databases of targets and breached machines, brute-force attacks using an extensive dictionary, even distribution of targets among nodes, and the use of a completely proprietary protocol.
"Nodes in the FritzFrog network keep in close contact with each other. They constantly ping each other to verify connectivity, exchange peers and targets and keep each other synced. The nodes participate in a clever vote-casting process, which appears to affect the distribution of brute-force targets across the network," Guardicore Labs explains.
Not only does the FritzFrog binary run completely in memory, but the whole database of targets and peers is also held in the memory of the botnet's nodes, the researchers say.
Although FritzFrog has been written from scratch and uses its own, previously unseen protocol, the security researchers discovered a resemblance to the Rakos P2P botnet, which was detailed in 2016.