Gucci botnet infects IoT devices in Europe

Researchers at SecNiche Security Labs have discovered a previously unknown botnet, Gucci, that infects IoT devices and uses them to conduct DDoS attacks.

According to the experts, the creators of the malware on which the botnet is built continue to refine it.

The new malware can conduct both targeted and widespread attacks, hitting devices built on architectures such as ARM, x86, MIPS, PPC and M68K.

“Called Gucci, the same as the Italian luxury brand of fashion and leather goods, the botnet appears to be new and previously undocumented,” security researchers Aditya K. Sood and Rohit Bansal said.

Each bot communicates with the command-and-control server over TCP port 5555 (Telnet). The attackers obfuscated the code to make it harder for security professionals to investigate Gucci. In addition, they stripped the debug symbols from the binary, reducing its size.

The experts traced the source of the infection to a server in the Netherlands. When they tried to connect to the command host, it requested credentials. The specialists were able to crack this protection and gained access to the control panel. Soon after, the malware operators detected the intrusion, shut down the Telnet service and tried to erase the traces of their activity.

This did not stop the researchers from learning more about Gucci's capabilities. The botnet can conduct various DDoS attacks, including UDP flood, SYN flood and others. Gucci currently targets European countries.

“The botnet operator was found to be very proactive. The whole analysis and obtaining C&C access was like an arms race. At the moment, the botnet seems to be in its early stages of development and it appears to be targeting the European continent,” the security researchers note.

Gucci joins a considerable list of malicious bots that have been observed in cyber campaigns in recent months.

In September, experts found that the Smominru cryptojacker, known since 2017, was infecting several thousand devices a day, and that Emotet had resumed its attacks after a three-month break. Earlier, a new update of Echobot was reported, after which the number of exploits it uses exceeded 60.

Also read: Cybercriminals deliver backdoor to victims’ computers with NVIDIA driver

In some cases, law enforcement agencies manage to prosecute the operators of such malware. For instance, in March a trial was held in the Netherlands of a 20-year-old cybercriminal who had used a Mirai-based botnet to conduct DDoS attacks. He explained his actions by a lack of pocket money.

About the author

Valdis Kok

Security engineer, reverse engineering and memory forensics
