Brain Food

Brain Food is a PHP script botnet discovered by Proofpoint researchers. It spreads through phishing campaigns and has already compromised over 5,000 websites. The threat actor sends the victim a spam email containing a shortened URL. After the link is clicked, the victim is redirected to a landing page that advertises diet pills, using stolen branding to make the website appear legitimate. The page attempts to trick users into providing personally identifiable information (PII) to threat actors. The malicious PHP script runs in the background of the website, going unnoticed by anti-virus/anti-malware engines due to its polymorphic nature and obfuscated code. In addition to information-stealing, the malware contains a backdoor that could allow the threat actor to perform remote code execution on infected web servers.

Reporting and Technical Details:

May 2018: Brain Food botnet gives website operators heartburn (Proofpoint)

Image source: SC Magazine

DarkSky

Discovered by Radware Threat Research, DarkSky is a botnet that is capable of downloading malware, conducting a number of network and application-layer distributed denial-of-service (DDoS) attacks, and detecting and evading security controls, such as sandboxes and virtual machines.

JenX

Discovered in 2018 by Radware researchers, JenX is a botnet that advertises the ability to perform query floods, attacks against NFO gaming servers, attacks against OVH, and attacks against TeamSpeak3 (TS3), an app used for voice and text chat. JenX also boasts the ability to perform DDoS attacks that reach over 1 terabyte per second (Tbps).

Smominru

Smominru is a botnet that, at the time of writing, is mostly composed of over 526,000 Windows computers, primarily Windows servers. Although it has been observed delivering a variety of malware to vulnerable systems, such as Mirai DDoS malware and other trojans, its primary function is to generate profit for its operator(s) by mining cryptocurrency on infected systems.

WireX

WireX is a large botnet that leverages Android-powered mobile devices to perform distributed denial-of-service (DDoS) attacks on targets. Network traffic generated by WireX was discovered by researchers on August 2, 2017, and the source of the malware infections that formed the botnet was traced to approximately 300 mobile apps available for download on the Google Play Store.