MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
Exploitation of UDF. The attackers are scanning the internet for exposed MySQL servers and, when found, attempt to breach them by brute-forcing administrator credentials.
For Windows MySQL servers, the threat actors use a feature called user-defined functions to execute commands on the breached system.
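A defender-side sketch of the chain described above (credential brute-forcing followed by UDF registration), added here as an example and not taken from the article or from ASEC. It scans constructed log lines for repeated failed logins and for `CREATE FUNCTION ... SONAME` statements, then ties each registration to the source address of its session. The log layout, the threshold and the names `example_udf` / `example_udf.dll` are assumptions.

```python
import re
from collections import Counter

# Constructed sample, not from a real server. Line layouts imitate the MySQL
# error log (failed logins) and general query log (Connect/Query); the exact
# field layout is an assumption, so adapt the regexes to your own logs.
SAMPLE_LOG = "\n".join(
    [f"2023-11-16T10:00:0{i}.000000Z {20 + i} [Note] Access denied for user "
     "'root'@'203.0.113.5' (using password: YES)" for i in range(6)]
    + [
        "2023-11-16T10:00:07.000000Z 30 [Note] Access denied for user 'app'@'198.51.100.7' (using password: YES)",
        "2023-11-16T10:00:08.000000Z    31 Connect  root@203.0.113.5 on  using TCP/IP",
        "2023-11-16T10:00:09.000000Z    32 Connect  app@10.0.0.8 on shop using TCP/IP",
        "2023-11-16T10:00:10.000000Z    32 Query    SELECT 1",
        "2023-11-16T10:00:11.000000Z    31 Query    CREATE FUNCTION example_udf RETURNS STRING SONAME 'example_udf.dll'",
    ]
)

DENIED = re.compile(r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'")
CONNECT = re.compile(r"\s(?P<tid>\d+)\s+Connect\s+(?P<user>[^@\s]+)@(?P<host>\S+)")
QUERY = re.compile(r"\s(?P<tid>\d+)\s+Query\s+(?P<sql>.+)")
UDF = re.compile(
    r"CREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+(?:IF\s+NOT\s+EXISTS\s+)?`?(?P<name>\w+)`?"
    r"\s+RETURNS\s+\w+\s+SONAME\s+['\"](?P<lib>[^'\"]+)['\"]", re.I)


def audit(log_text, threshold=5):
    """Return brute-force sources and UDF registrations found in log_text."""
    failures, sessions, udfs = Counter(), {}, []
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            failures[m["host"]] += 1            # failed login, counted per source
        elif m := CONNECT.search(line):
            sessions[m["tid"]] = m["host"]      # thread id -> client address
        elif (q := QUERY.search(line)) and (m := UDF.search(q["sql"])):
            udfs.append({"name": m["name"], "library": m["lib"],
                         "source": sessions.get(q["tid"], "unknown")})
    brute = {host for host, n in failures.items() if n >= threshold}
    for u in udfs:
        # A UDF loaded from an address that just failed many logins is the
        # pattern the article describes and deserves immediate review.
        u["after_brute_force"] = u["source"] in brute
    return {"brute_force_sources": sorted(brute), "udf_registrations": udfs}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

On a live server, the registered UDFs themselves can be listed from the `mysql.func` table and compared against what the application is expected to load.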
Ddostf is a malware botnet of Chinese origin, first spotted in the wild roughly seven years ago, and targets both Linux and Windows systems.
To its C2. The C2 server may send DDoS attack commands to the botnet client, including SYN Flood, UDP Flood, and HTTP GET/POST Flood attack types, as well as requests to stop transmitting system status info, switch to a new C2 address, or download and execute a new payload. ASEC comments that Ddostf's ability to connect to a new C2 address makes it stand out from most DDoS botnet malware and gives it resilience against takedowns.