CYBER NEWS

JenX Botnet Recruits Devices via Grand Theft Auto Servers


Security researchers have reported the discovery of a new malware threat, the JenX botnet, which uses a highly unusual distribution tactic. Instead of relying on standard email messages, it abuses one of the most popular video games, Grand Theft Auto, together with IoT devices.

Related Story: Droidclub Botnet Infiltrates Machines via Google Chrome Extensions

JenX Botnet Discovery and Infiltration Tactics

A new worldwide botnet infection has been reported by the security community. The new threat is called the JenX botnet and it uses a very unusual infiltration mechanism. According to the code analysis, it takes advantage of two vulnerabilities affecting popular router models made by Huawei and Realtek. Both are among the largest manufacturers of network equipment, and these models are typically bought in bulk by Internet service providers (ISPs) and handed out to customers, which means that thousands or even millions of devices can fall victim to automated exploitation attempts. The two vulnerabilities are tracked in the following security advisories:

  • CVE-2014-8361 - The miniigd SOAP service in the Realtek SDK allows remote attackers to execute arbitrary code via a specially crafted NewInternalClient request.
  • CVE-2017-17215 - Remote code execution vulnerability in the Huawei HG532 router, reachable through its UPnP service.

Interestingly, both exploits are taken from the Satori botnet. The code snippets were identified in public posts written by the hacker known under the alias "Janit0r", the author of BrickerBot. According to the research, the botnet is built specifically to be used against game hosting providers, gaming communities and players.

The malicious code infiltrates the servers that power the games and from there reaches the client machines. The link with Grand Theft Auto comes from the fact that the compromised servers hosting the JenX botnet also host the game. Such tactics are particularly effective because gaming servers are known for their performance and network connectivity.

JenX is a step up from first-generation botnets like Mirai, whose intrusion strategy relied on probing devices for default credentials. Once the malware has compromised a target device it can change the account credentials and lock the owners out. Second-generation botnets like Satori depend on firmware vulnerabilities instead and are therefore far more effective against potential targets: most IoT devices never receive critical security updates, either because software support has ended or because of owner negligence. The exploits can be triggered from automated platforms, which makes it easy even for beginners to use them in their attack schemes.
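The two generations described above (credential probing versus SOAP command injection against the two CVEs listed) leave different traces at a gateway. The following Python classifier is an added example, not code from this page or from the researchers it cites: it runs over constructed log records and labels each one as a Mirai-style default-credential login, a CVE-2014-8361 attempt, a CVE-2017-17215 attempt, or benign. The SOAP argument NewInternalClient is the one named in the CVE description above; the HG532 argument names NewStatusURL/NewDownloadURL, the service ports 52869 and 37215, and the sample credential pairs come from public analyses of Satori and Mirai and are assumptions of this example, not facts stated on the page. All sample events are constructed.

```python
from __future__ import annotations

import re

# Constructed sample events (not real traffic): one record per inbound
# connection logged at a home-router gateway. "body" holds the first bytes
# of an HTTP POST payload; telnet records carry the attempted login instead.
# Ports 52869 (Realtek miniigd) and 37215 (Huawei HG532 UPnP) are assumed
# from public analyses of the two CVEs, not from the article.
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "dport": 52869, "proto": "http", "path": "/picsdesc.xml",
     "body": "<NewInternalClient>`id`</NewInternalClient>"},
    {"src": "198.51.100.8", "dport": 37215, "proto": "http", "path": "/ctrlt/DeviceUpgrade_1",
     "body": "<NewStatusURL>$(id)</NewStatusURL><NewDownloadURL>HUAWEIUPNP</NewDownloadURL>"},
    {"src": "203.0.113.4", "dport": 23, "proto": "telnet", "login": ("root", "xc3511")},
    {"src": "203.0.113.5", "dport": 52869, "proto": "http", "path": "/picsdesc.xml",
     "body": "<NewInternalClient>192.168.1.20</NewInternalClient>"},   # legitimate port mapping
    {"src": "203.0.113.6", "dport": 23, "proto": "telnet", "login": ("alice", "c0rrect-horse")},
]

# Shell metacharacters that have no business inside a UPnP SOAP argument.
SHELL_META = re.compile(r"[`;|&]|\$\(")

# SOAP arguments abused by the two exploits. NewInternalClient is the argument
# named in the CVE-2014-8361 description; NewStatusURL/NewDownloadURL are the
# HG532 "Upgrade" arguments reported in public analyses of CVE-2017-17215
# (an assumption of this example, not stated on the page).
REALTEK_ARG = re.compile(r"<NewInternalClient>(.*?)</NewInternalClient>", re.S)
HUAWEI_ARG = re.compile(r"<(NewStatusURL|NewDownloadURL)>(.*?)</\1>", re.S)

# A few entries from the default-credential list published with the Mirai
# source (assumed here); a real deployment would load the full list.
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("root", "xc3511"),
                 ("root", "vizxv"), ("admin", "1234"), ("root", "")}


def classify(event: dict) -> str | None:
    """Return the attack class an event belongs to, or None if it looks benign."""
    if event["proto"] == "telnet":
        # First generation (Mirai): walk a list of factory credentials.
        return "default-credential login" if tuple(event["login"]) in DEFAULT_CREDS else None

    body = event.get("body", "")
    # Second generation (Satori/JenX): command injection through a SOAP argument.
    # A plain IP address in NewInternalClient is a normal port-mapping request
    # and must not fire; only shell metacharacters inside the value do.
    if any(SHELL_META.search(v) for v in REALTEK_ARG.findall(body)):
        return "CVE-2014-8361"
    if any(SHELL_META.search(v) for _, v in HUAWEI_ARG.findall(body)):
        return "CVE-2017-17215"
    return None


def scan(events: list[dict]) -> list[tuple[str, int, str]]:
    """Run classify() over a batch and keep only the hits as (src, dport, verdict)."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ev["src"], ev["dport"], verdict))
    return hits


if __name__ == "__main__":
    for src, dport, verdict in scan(SAMPLE_EVENTS):
        print(f"{src:>15} -> :{dport:<5} {verdict}")
```

The fourth record shows the check a practitioner actually needs: the UPnP argument itself is legitimate, so the rule keys on shell metacharacters inside the value rather than on the request path or port alone, which keeps real port-mapping traffic from tripping it.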

The JenX Botnet and the Gaming Servers Connection

One of the proposed reasons why the malware targets gaming servers is that they are frequently rented by whole groups or used in tournaments. Once the malware has infected the server itself, it can be used to spread further malware to the connected clients through the games themselves, which usually include built-in chat features that can be abused.

Using social engineering tactics, the criminals can choose to deliver additional malware through links posted in the chat. These can be disguised as service messages such as password reset links, notifications and so on.

In other cases the victims can be redirected to malicious sites with phishing elements. Instead of delivering executable files, the criminals try to trick users into entering their account credentials on impostor sites. They usually copy the graphics and text of web services and social networks, which are among the most widely visited sites. In recent years these scams have become so advanced that it is sometimes hard to tell the fake from the legitimate service: the criminals not only copy the visual identity almost exactly, but also obtain certificates for look-alike domain names, so the fake site is served over a "secure" connection that closely resembles the real one.

Related Story: Smominru Botnet Infects Machines with Monero Cryptocurrency Miner

JenX Botnet Infection Capabilities

The researchers note that the botnet is particularly dangerous because it integrates an advanced stealth protection module that aims to hide the threat from security software and analysis. Such techniques are also bundled into advanced ransomware samples, where the infection engine looks for sandbox or debugging environments, virtual machines and antivirus products and either disables or removes them; the malware can also be instructed to delete itself if it cannot bypass the security protection. Such steps can be added to the JenX botnet through script commands. The hackers were found to distribute builds of JenX for MIPS, ARM and x86, the most common platforms among the targeted devices.
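A multi-architecture drop like the one described above (MIPS, ARM and x86 builds side by side) is usually the first thing an analyst has to sort before any of it can be emulated or disassembled. The following Python triage helper is an added example, not code from this page or from any researcher it cites: it reads only the ELF identification bytes and the e_machine/e_type fields, so it classifies each file without executing it, and it separates non-ELF files such as shell droppers from the binaries. The drop set and its filenames are constructed for the demonstration (minimal headers, not real samples).

```python
from __future__ import annotations

import struct

# e_machine values from the ELF specification for the platforms discussed.
EM_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
ET_NAMES = {1: "relocatable", 2: "executable", 3: "shared object"}


def elf_arch(data: bytes) -> dict | None:
    """Parse the ELF identification bytes plus e_type/e_machine.

    Returns None for anything that is not an ELF image (e.g. a shell dropper)
    or whose ident fields are malformed, so callers can separate binaries from
    scripts without running either.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]          # EI_CLASS, EI_DATA
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None                               # malformed ident
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
        "type": ET_NAMES.get(e_type, f"unknown({e_type})"),
    }


def make_elf_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Build a minimal, constructed 64-byte ELF header (not a real sample)."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\0" * 9   # 16-byte e_ident
    # e_type=2 (ET_EXEC), e_machine, e_version=1, then zero padding.
    return ident + struct.pack(endian + "HHI", 2, e_machine, 1) + b"\0" * 40


# Constructed drop set mimicking a loader directory that carries one build
# per target architecture; filenames are invented for the example.
CONSTRUCTED_DROP = {
    "bot.mips":   make_elf_header(1, 2, 8),     # 32-bit big-endian MIPS
    "bot.mpsl":   make_elf_header(1, 1, 8),     # 32-bit little-endian MIPS
    "bot.arm":    make_elf_header(1, 1, 40),
    "bot.x86":    make_elf_header(1, 1, 3),
    "bot.x86_64": make_elf_header(2, 1, 62),
    "dropper.sh": b"#!/bin/sh\n# constructed placeholder, no commands\n",
}


def triage(drop: dict[str, bytes]) -> dict[str, str]:
    """Summarise each file as 'ELF <bits>-bit <endian>-endian <machine> <type>' or 'not ELF'."""
    out = {}
    for name, blob in drop.items():
        info = elf_arch(blob)
        out[name] = ("not ELF (script or data)" if info is None else
                     f"ELF {info['bits']}-bit {info['endian']}-endian {info['machine']} {info['type']}")
    return out


if __name__ == "__main__":
    for name, summary in triage(CONSTRUCTED_DROP).items():
        print(f"{name:<12} {summary}")
```

Reading endianness from EI_DATA before unpacking e_machine matters in practice: the same MIPS build ships as both big- and little-endian binaries for different router SoCs, and a parser that assumes one byte order misreports the other.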

The operators seek to silently infiltrate both commercial and private servers, and the broad platform support appears to be an important factor in this. The criminal group behind the attacks uses a centralized server that acts as the primary malware platform, onto which the operators load the exploits together with custom scripts that execute the follow-up stages of infection.

The infiltrated sites offer access to modded Grand Theft Auto San Andreas servers for $16 and TeamSpeak servers for $9. For $20 more, customers can use the compromised servers for DDoS attacks against single targets. Reports indicate that peak throughput can reach 290 or 300 Gbps. At the moment the impact of the JenX botnet is limited to minor disruption among local gamers; it can be used to sabotage Grand Theft Auto tournaments and group play.

The experts note that if the centralized servers can be taken down, the whole platform fails. It is presumed that the threat may be updated in future versions to use a decentralized approach; recent infections have been found to use a P2P approach, which is harder to mitigate.

We recommend that all users scan their systems for active infections and protect themselves from incoming threats by using a quality anti-spyware solution.



Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber-security enthusiast, he enjoys writing about the latest threats and intrusion mechanisms.

