Cybersecurity researchers take down DDoS botnet by accident
2022-11-30 20:12

While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service attacks.

As revealed in a report published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the Akamai Security Intelligence Response Team after it infected one of their honeypots.

Unfortunately for its developers and luckily for the device owners, the botnet doesn't yet have persistence capabilities to evade detection.

What helped take down KmsdBot was its lack of error checking and "the coding equivalent of a typo," which led to the malware crashing and ceasing to send attack commands because of the wrong number of arguments to the C2 server.

"This malformed command likely crashed all the botnet code that was running on infected machines and talking to the C2 - essentially, killing the botnet," Cashdollar added.

"Because the bot doesn't have any functionality for persistence on an infected machine, the only way to recover is to re-infect and rebuild the botnet from scratch."


News URL

https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/