First observed in 2015, Flusihoc is a DDoS botnet that targets systems running Windows and is thought to be responsible for more than 900 DDoS attacks from June through September 2017. Researchers believe that the botnet operators are based in China and run Flusihoc as a DDoS-for-hire service. They have used over 154 C2 servers and have created over 500 versions of Flusihoc. Once computers are infected with the botnet code, they become capable of launching nine different types of DDoS attacks: SYN, UDP, ICMP, TCP, HTTP, DNS, CON, and two types of CC flood attacks. Flusihoc is also designed to act as a trojan and can download other types of malware onto an infected system.
Reporting and Technical Details:
- Flusihoc DDoS Botnet Ramps Up Activity, Most Likely Operated out of China (Bleeping Computer)
- The Flusihoc Dynasty, A Long Standing DDoS Botnet (Arbor Networks)