Security News > 2022 > December > KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors.

KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service attacks.

"The presence of these commands tracks with previous observations of targeted gaming servers and offers a glimpse into the customers of this botnet for hire."

Akamai, which examined the attack traffic, identified 18 different commands that KmsdBot accepts from a remote server, one of which, dubbed "Bigdata," caters to sending junk packets containing large amounts of data to a target in an attempt to exhaust its bandwidth.

"Support for multiple types of servers increases the overall usability of this botnet and appears to be effective in driving in customers."

The findings come a week after Microsoft detailed a cross-platform botnet known as MCCrash that comes with capabilities to carry out DDoS attacks against private Minecraft servers.

News URL

https://thehackernews.com/2022/12/kmsdbot-botnet-suspected-of-being-used.html