What is Botnets?
Botnets are artificial networks created by malware, which can be controlled by the virus author remotely. Here in Hackercombat.com, we have featured stories of companies which had their devices becoming a member of botnets without them knowing. Being a member of a botnet means the infected devices are kept running as usual, as the virus authors are not interested in data destruction in the device itself. Botnets are designed to gather as much “zombie” devices to its fold, using their aggregate CPU resources as an instrument to magnify the effect of its DDoS attacks, computing for hashes and other nefarious actions.
1. 3Eve
Members of 3ve (pronounced “eve”) used a large pool of their trusted IP addresses to hide fraud. This scheme is used by 1000 servers hosted in a data center to spoof real people forged as “seen” advertisements that are claimed to be hosted on fake pages run by the fraudsters themselves. it was done. Usually, such small server-hosted bot scams have been noticeable to forged advertisers. To impersonate this fraud, 3ve operators processed server fraudulent page requests through millions of compromised IP addresses.
Approximately 1 million of these IP addresses, based primarily in the United States and the United Kingdom, belong to computers, and the attacking side is infected with botnet software strains known as Boaxxe and Kovter. But on the scale used by 3ve botnet, even the number of IP addresses was not enough. And that’s where the BGP hijacking came up. This hijacking has allowed 3ve to provide virtually unlimited IP addresses. When combined with botnets, this scam has made it look like millions of real people in the world’s richest regions are looking at ads.
2. Methbot
“Methbot”, is for advert-flooding, disguised as an innocent-looking video ad from October 2016, that cost $3 million to 5 million (approximately 350 million to 59,000 daily) from advertising agencies and brands. It is believed that it deceived thousands of victims. Agency companies have raised a sense of crisis on this news. They said marketers should be seen as a new warning for relying on programmatic advertising technology to reach consumers. Advertisers should be wary, such as adopting a tech vendor that can identify risks and identify botnets. On the other hand, suppliers also need to use such countermeasures tools to sort out the advertising inventory before auctioning.
3. Mirai
In attacks targeting IoT devices, malware called “Mirai” is famous. The main targets are IoT devices such as network cameras and Internet routers that connect to the Internet. When malware is infected by exploiting the vulnerability of software operating on these devices, the attacker can control the remote control. If a botnet is configured by an attacker against such a device, a large-scale DDoS attack becomes possible.
The DDoS attack on OVH, a Web hosting service company in France, recorded 1 Tbps, which was an attack by a botnet configured by Mirai botnet. Countermeasures for large-scale DDoS attacks are not easy and are not realistic because they require a large amount of money and advanced technology. At present, there is nothing that can be handled absolutely. Furthermore, IoT devices are not usually operated like PCs and smartphones, so it is difficult to notice suspicious behavior, making the damage more serious.
4. Kraken
Rumors about a botnet called “Kraken”, which took the name of the mysterious monster that appeared in the movie “Pirates of the Caribbean”, are flying around the net. However, according to security majors such as the SANS Internet Storm Center and the US Symantec. According to SANS and Symantec, Kraken has been discovered and released by a security company named Damballa. Although there is information that Kraken’s botnet is twice as large as Storm, it has not been proven yet. SANS has reported that it has intercepted packets of control traffic, although samples of Kraken related malware are not available. Symantec obtained malware samples that could be detected under the name “Backdoor.Spakrab,” but it turned out that they were already mostly covered under another name.
Also, Read
Mirai Botnet New Variant Takes Aim at x86 Linux Servers
Another IoT botnet found waiting to attack vulnerable IP cameras
