BillGates Malware Botnet Spewing DDoS Assaults Expands

In a warning by security researchers, hackers have been found employing malware that attacks Linux computers with the objective of building botnets for carrying out DDoS (distributes denial-of-service) assaults. The malware is named BillGates Trojan, which the virus authors have so named, because it attacks only PCs that have Linux as the operating system and not Windows. The Security Intelligence Research Team (SIRT) of Akamai within its threat advisory labeled the BillGates Trojan virus as having 'high' risk.

It's past some years that the malware is into existence, and because of its name, it possibly is a most popular Linux-attacking Trojan family. Softpedia.com posted this, April 7, 2016.

Moreover, it was the largest assault seen, including harmful Web-traffic that the BillGates network-of-bots spewed as well as other different assault mediums, on 30th December 2015 as well as used certain adequately-distributed bandwidth that peaked to 308 Gbps. Akamai also cautions that the assault was getting stronger and stronger, the reason for assigning the 'high' risk label to the malware.

The advisory stated that the botnets in discussion had expanded considerably becoming big enough for executing assaults utilizing 'attack traffic' of over 100 Gbps power, while they were as well utilized together with other DDoS type assaults.

Furthermore, Akamai saw that the hackers' gang which used the XOR network-of-bots too had switched to employing the BillGates Trojan. In addition, the cyber-security vendor and CDN saw DDoS assaults attacking exactly those targets that the XOR syndicate targeted earlier.

Akamai cautions the network-of-bots are utilizing different kinds of attack mediums such as UDP flood, TCP flood, ICMP flood, HTTP flood, SYN flood along with DNS flood of the query-of-reflection kind for executing brute-force assaults on entities via certain technique that resembles the one XOR botnet uses from Asia as its place of origin.

After a system is infected with the malware, various attack functions begin, like carrying out DDoS assaults wherein DNS and SYN Floods get employed the maximum, creating services and ports, as well as potentially getting complete hold of the contaminated machine that can subsequently get utilized for launching more assaults within one vicious cycle.

» SPAMfighter News - 4/14/2016