Botnet Harvesting Bitcoins Now Executing DDoS Assaults Too
According to a warning from security investigators, a botnet originally built for harvesting Bitcoins has been discovered that is now also equipped to aid DDoS assaults. Softpedia published this on 26th August 2011.
Specifically, the botnet's sole purpose hitherto has been to mine Bitcoins: its infectious bot loads 3 Trojans (Phoenix, RCP, and Ufasoft) to execute that function. However, it also serves to install other malware programs onto the contaminated systems.
Indeed, the botnet has many characteristics that benefit its owners. First, instead of interacting through a central command-and-control (C&C) server, it utilizes a distributed P2P file-sharing network. Originally, it chiefly mined bitcoins, a virtual Internet currency.
Nevertheless, Tillmann Werner, an expert at Kaspersky Lab, has found contaminated PCs that lately downloaded a fresh executable file named ddhttp.exe. Careful examination shows that the file is a bot variant employed to launch HTTP flooding assaults, which can deactivate Web servers by inundating them with overwhelming queries. The H Security reported this on August 25, 2011.
Moreover, the different URLs the bot network downloads show that the websites especially attacked are real estate and food sites. According to Werner, one of the food websites is 'pizza.de', which reportedly was under a 3-hour-long assault that blasted the site with 20,000-30,000 HTTP queries/sec. These queries emanated from about 50,000 Internet Protocol addresses. Help Net Security reported this on August 26, 2011.
The above thus indicates that the mining botnet is expanding, and because it is a peer-to-peer infrastructure, its shutdown could be difficult. When Kaspersky reported it, some 38,000 individual IP addresses had been spotted.
The targets are fewer in number, though not in the least uninteresting. Listed among them are IP addresses of different firms that offer protection from DDoS assaults. This possibly relates to the botnet controller's response to counter-attacks from its targets, thereby raising the panic created.
And while nothing can be said for certain about the attacks' cause, they've apparently subsided since August 25, 2011.
Naturally, security specialists recommend that computer users deploy an AV solution that's kept up-to-date, while also keeping their other applications up-to-date.
» SPAMfighter News - 05-09-2011