Security News
A man who developed distributed denial of service botnets based on the source code of Mirai was sentenced to 13 months in federal prison. Initially based on the publicly available Mirai source code, the botnets received additional capabilities over time, which increased their complexity and efficiency, the DoJ says.
The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large-scale distributed denial-of-service attacks against various online services and targets. According to court documents, Kenneth Currin Schuchman, a resident of Vancouver, and his criminal associates, Aaron Sterritt and Logan Shwydiuk, created multiple DDoS botnet malware strains since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide.
A defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy. Prosecutors say Sterritt, using the hacker aliases "Vamp" and "Viktor," was the brains behind the computer code that powered several potent and increasingly complex IoT botnet strains that became known by exotic names such as "Masuta," "Satori," "Okiru" and "Fbot."
The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday. Trend Micro has recently spotted variants that also target Docker servers.
Known to Akamai researchers as Stealthworker, the infection preys on weak passwords then uses a massive arsenal of malware to overtake Windows and Linux servers running popular CMS, publishing, and hosting tools. By breaking up the attempts among multiple machines, the attacker can avoid limits on the number of login attempts.
Security researchers at WordFence, a company that's focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. This file is located in the root of your WordPress file directory and contains your website's base configuration details, such as database connection information.
The Hoaxcalls operators are among those botherders that differentiate themselves from amateur actors with the use of exploits - most of those with fewer technical skills tend to brute-force SSH and Telnet credentials in order to compromise devices and add them to their botnets. Two new Hoaxcalls samples spotted by Radware showed up on the scene in April, incorporating new commands from its command-and-control server and a new exploit for an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed in March.
An operation run by the China-based cybercrime gang known as DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba, has been disrupted. The gang used Alibaba Cloud storage and China's largest online community, Baidu Tieba, to host configuration files, and URL addresses hosted by Tencent Weiyun were used to manage the activity of the infected hosts, researchers said.
At least that's according to a Trend Micro whitepaper on the cost of criminal services, which says over the past five years the prices for botnet rentals and credit card numbers have taken a nosedive. "In 2015, generic botnets started selling at around $200 in Russian underground forums. Generic botnet prices today cost around $5 a day, and prices for builders start at $100," Trend said.