Yoyo Botnet Found, Launches DDOS Assaults
Security researchers at Arbor Networks report that they have found a new botnet that carries out DDoS (distributed denial-of-service) attacks. The researchers, who dubbed the network 'Yoyo DDoS,' report that the underlying trojans plant a backdoor on victims' computers and add the infected machines to the botnet.
The botnet has carried out almost 200 DDoS attacks against websites in the USA, Germany, China and South Korea.
The botnet first appeared in March 2010. So far Arbor has analysed over 70 samples of the Yoyo trojans and identified no fewer than 34 command-and-control (C&C) servers, all but three of which are located in China.
Once installed, the malware connects to the C&C server over a TCP connection. The server's address is hard-coded into the bot as a host name and port rather than a single IP address, although the encoding and its exact location in the binary have not yet been analysed.
Whenever the bot communicates with its controller, it sends a 228-byte or 232-byte message in a binary format, and the messages are largely the same across the different samples. In some cases Arbor observed a single bot trying to connect to two C&C servers.
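The fixed-size beacon behaviour described above lends itself to a simple network-side hunting check. The following Python is an added example, not Arbor's code or anything from the article: the flow records are constructed, and the minimum-count threshold is an arbitrary assumption; only the 228/232-byte sizes come from the report.

```python
from collections import defaultdict

# Beacon sizes reported for Yoyo bots (228 or 232 bytes per message).
YOYO_BEACON_SIZES = frozenset({228, 232})

# Constructed flow records for illustration: (source host, destination host,
# destination port, bytes in the client payload). Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 8080, 232),
    ("10.0.0.5", "203.0.113.10", 8080, 232),
    ("10.0.0.9", "192.0.2.80", 80, 412),     # ordinary web request
    ("10.0.0.5", "203.0.113.10", 8080, 232),
    ("10.0.0.5", "198.51.100.7", 443, 228),  # same host, second controller
    ("10.0.0.9", "192.0.2.80", 80, 232),     # one coincidental 232-byte request
    ("10.0.0.5", "198.51.100.7", 443, 228),
    ("10.0.0.12", "192.0.2.20", 9001, 228),
    ("10.0.0.5", "203.0.113.10", 8080, 232),
    ("10.0.0.12", "192.0.2.20", 9001, 228),
    ("10.0.0.5", "198.51.100.7", 443, 228),
    ("10.0.0.12", "192.0.2.20", 9001, 228),
    ("10.0.0.9", "192.0.2.80", 80, 1280),
]


def find_beaconing_hosts(flows, sizes=YOYO_BEACON_SIZES, min_count=3):
    """Return {src: {(dst, port): count}} for sources that send at least
    min_count client payloads of a suspicious fixed size to one destination.
    min_count is an arbitrary threshold chosen here, not a value from the report."""
    counts = defaultdict(lambda: defaultdict(int))
    for src, dst, port, size in flows:
        if size in sizes:
            counts[src][(dst, port)] += 1
    hits = {}
    for src, dests in counts.items():
        suspicious = {d: c for d, c in dests.items() if c >= min_count}
        if suspicious:
            hits[src] = suspicious
    return hits


def hosts_with_multiple_controllers(hits):
    """Sources beaconing to two or more destinations, the pattern of the
    single bot Arbor saw contacting two C&C servers."""
    return sorted(src for src, dests in hits.items() if len(dests) >= 2)
```

A repeated payload size is a weak indicator on its own, so a hit from this check is a lead to pivot on (destination reputation, process on the host) rather than a verdict.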
Successful attacks flood the victims' systems with traffic, preventing them from handling or responding to legitimate requests.
The botnet has reportedly targeted many online merchants, including websites selling cosmetics and auto parts, as well as numerous gambling and gaming websites, a web hosting provider, a private blog and a music forum. Attacks commonly last from a few hours to 48 hours, and many websites have been hit continuously for 24-48 hours.
The company's researchers said they did not know the exact number of PCs the trojan had infected, but estimated that at least 3-4 independently operated Yoyo botnets were launching DDoS attacks.
If so, the tool used to build the Yoyo malware is likely circulating in the cyber-criminal underground, the researchers said.
SPAMfighter News - 30-08-2010