
Mozi botnet murder mystery: China or criminal operators behind the kill switch?
2023-11-01 20:00

The Mozi botnet has all but disappeared, according to security folks who first noticed the prolific network's slowdown and then uncovered a kill switch for the IoT system.

Then this August, the criminal network's activity took "a sudden and unanticipated nosedive," according to ESET Research, which on Wednesday said its team found an activated kill switch to "Put the IoT zombie botnet in its grave."

A little over a month later, ESET found the control payload inside a User Datagram Protocol (UDP) message that acted as the kill switch and had some interesting extra functionality.

The command stopped the Mozi malware, disabled some system services, replaced the original application file, reordered some router/device configuration commands, and disabled access to various ports.

The researchers also note that the kill switch code shares some code snippets with the original botnet, and whoever flipped the switch to take down Mozi used the correct private keys to sign the payload. This all led the security shop to two theories about who is behind the IoT bot's shutdown.

"There are two potential instigators for this takedown: the original Mozi botnet creator or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the original actor or actors," Bešina said in a statement.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/01/mozi_botnet_kill_switch/