Security News
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service attacks.
The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "Upscaled" campaign, months after Google disrupted the malicious activity. Specifically, the botnet is designed to search the public Bitcoin blockchain for transactions related to wallet addresses owned by the threat actor so as to fetch the encrypted C2 server address.
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.
With no error-checking built in, sending KmsdBot a malformed command-like its controllers did one day while Akamai was watching-created a panic crash with an "Index out of range" error. Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions.
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system to seize control of the targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers Eduardo Altares, Joie Salvio, and Roy Tay said.
A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. The malware then connects to each site and attempts to brute-force the admin accounts using the inputted credentials.
A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things devices and other software. The botnet "Contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said.
A botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation. Even worse for the operator(s), their Golang-coded KmsdBot lacked persistence, meaning the whole botnet is toast thanks to the apparent decision to forgo error handling.
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS bot.
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS bot.