Posts in Botnets

Discovered by Radware Threat Research, DarkSky is a botnet that is capable of downloading malware, conducting a number of network and application-layer distributed denial-of-service (DDoS) attacks, and detecting and evading security controls, such as sandboxes and virtual machines.


Discovered in 2018 by Radware researchers, JenX is a botnet that advertises the ability to perform query floods, attacks against NFO gaming servers, attacks against OVH, and attacks against TeamSpeak3 (TS3), an app used for voice and text chat. JenX also boasts the ability to perform DDoS attacks that reach over 1 terabyte per second (Tbps).


First detected in 2016, DDG is a Monero-mining botnet that targets Redis servers via brute-force attacks against SSH port 22 and OrientDB servers via the CVE-2017-11467 remote code execution vulnerability.


Smominru is a botnet that, at the time of writing, consists of over 526,000 Windows computers, primarily Windows servers. Although it has been observed delivering a variety of malware to vulnerable systems, such as Mirai DDoS malware and other trojans, its primary function is to generate profit for its operator(s) by mining cryptocurrency on infected systems.


Researchers at NewSky Security discovered Masuta, a malware family developed from the source code of Mirai and likely created by the author of Satori, known as "Nexus Zeta." From Masuta, a second version was created, dubbed PureMasuta, which leverages a flaw in the HNAP protocol in D-Link routers that was originally identified in 2015.


In late November 2017, Check Point analysts discovered Satori, a malware family developed from the source code of Mirai, engaging in bot activity, flooding targets with manually crafted UDP or TCP packets.

Fast Flux

Fast Flux is a multi-purpose botnet that currently consists of over 14,000 IP addresses and is used to host phishing sites, malware-embedded sites, and C2 servers, and to conduct activities such as web scraping, SQL injection, and brute-force attacks against targets.


Flusihoc is a DDoS botnet that was first observed in 2015. It targets systems running Windows OS and is thought to be responsible for more than 900 DDoS attacks from June through September 2017.


Linux.ProxyM is a trojan that targets Linux-based devices using default login credentials. It is capable of infecting devices running on different architectures such as x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 6800, and SPARC.


RouteX is a Russian-owned botnet named after the malware used to infect Netgear routers and turn them into SOCKS proxies used to conduct credential stuffing attacks.


WireX is a large botnet that leverages Android-powered mobile devices to perform distributed denial-of-service (DDoS) attacks on targets. Network traffic generated by WireX was discovered by researchers on August 2, 2017, and the source of the malware infections that formed the botnet was traced to approximately 300 mobile apps available for download on the Google Play Store.


Stantinko is a massive and sophisticated adware botnet primarily targeting users in Russia and Ukraine. It is estimated to include approximately 500,000 infected systems at the time of this post.


Zyklon, also known as Zyklon HTTP, is a sophisticated botnet that is capable of performing various types of DDoS attacks such as HTTP flood, TCP flood, UDP flood, SYN flood, and Slowloris.
