1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This dangerous botnet might have been taken down by a simple typo

    From TechnologyDaily@1337:1/100 to All on Tue Dec 6 22:45:04 2022
    This dangerous botnet might have been taken down by a simple typo

    Date:
    Tue, 06 Dec 2022 22:32:08 +0000

    Description:
    A typo in a command given out to infected devices ended up crashing the botnet, researchers say.

    FULL STORY ======================================================================

    A threat actor irretrievably destroyed its own botnet with nothing more than
    a typo.

    Cybersecurity firm Akamai spotted the blunder in KmsdBot, a cryptomining botnet that also had distributed denial of service ( DDoS ) capabilities, before recently crashing and reporting an index out of range error.

    Akamais researchers were monitoring the botnet while an attack on a crypto-focused website was taking place. At that very moment, the threat
    actor forgot to put a space between an IP address and a port in a command,
    and sent out the command to every working instance of KmsdBot. That resulted in most of them crashing, and given the botnets nature, staying down. No persistence botnet

    The botnet is written in Golang and has no persistence, so the only way to
    get it up and running again would be to infect all of the machines that comprised the botnet all over again.

    Speaking to DarkReading , Akamais principal security intelligence response engineer, Larry Cashdollar, said almost all KmsdBot activity tracked by the company stopped, but added that the threat actors might try to reinfect the endpoints again. Reporting on the news, Ars Technica added that the best way to defend against KmsdBot is to use public key authentication for secure
    shell connections, or at least to improve login credentials. Read more

    This is the most powerful botnet ever seen


    A fearsome new botnet is rapidly gaining momentum


    Check out the best firewalls around

    According to Akamai, the botnets default target is a company that builds private Grand Theft Auto online servers, and while it is capable of mining cryptocurrencies for the attackers, this feature was not running during investigation. Instead, it was the DDoS activity that was running. In other instances, it targeted security companies and luxury car brands.

    The company first spotted the botnet in November this year, while it was brute-forcing systems with weak SSH credentials. Check out the best antivirus programs right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-dangerous-botnet-might-have-been-taken-dow n-by-a-simple-typo


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)