Security News > 2022 > November > Cybersecurity researchers take down DDoS botnet by accident
While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service attacks.
As revealed in a report published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the Akamai Security Intelligence Response Team after it infected one of their honeypots.
Unfortunately for its developers and luckily for the device owners, the botnet doesn't yet have persistence capabilities to evade detection.
What helped take down KmsdBot was its lack of error checking and "the coding equivalent of a typo," which caused the malware to crash and stop sending attack commands because of the wrong number of arguments to the C2 server.
"This malformed command likely crashed all the botnet code that was running on infected machines and talking to the C2 - essentially, killing the botnet," Cashdollar added.
"Because the bot doesn't have any functionality for persistence on an infected machine, the only way to recover is to re-infect and rebuild the botnet from scratch."