Mapping Mirai: A Botnet Case Study

Mirai is a piece of malware designed to hijack BusyBox systems (commonly used on IoT devices) in order to perform DDoS attacks. It is also the bot used in the 620 Gbps DDoS attack on Brian Krebs’s blog and the 1.1 Tbps attack on OVH a few days later. Although Mirai isn’t even close to …

Significant Increase in Kelihos Botnet Activity

Since the Kelihos takedown in front of a live audience at RSA Conference in 2013, the operator had opted to maintain a low profile by keeping the total number of infections at only a fraction of the previous size. In the past, Kelihos’ MO was spamming stock pump-and-dump schemes or pharmaceutical scams, then laying …

What’s Happening with Necurs, Dridex, and Locky?

Around the 8th of June, VICE picked up the story about Necurs’ downtime and wrote a great article including a tweet from Kevin Beaumont referencing my botnet tracker. I was contacted for comment, and there are a few things I’d have liked to add, but at the time I was in …

DDoSing with Other People’s Botnets

While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use the ZeroAccess C&C infrastructure to reflect and amplify a UDP-based DDoS attack, which I found beautifully ironic. After further analysis, I discovered it may even …

Necurs.P2P – A New Hybrid Peer-to-Peer Botnet

Last week I received a tip about a sample displaying some indication that it could be peer-to-peer (a large amount of UDP traffic being sent to residential IPs). After a couple of days of analysis, I was able to confirm that not only was it peer-to-peer but also currently active. The person …

Exploring Peer to Peer Botnets

Peer to Peer and Everything In Between

Back in October I’d gotten bored of the endless stream of cryptolockers and PoS trojans, so I decided to look at something old school; that something was Kelihos. Since then, I’ve come to realize that P2P botnet monitoring brings together two of my favorite …

Kelihos Analysis – Part 1

In recent years I’ve noticed a shift in the malware economy from botnets to ransomware, which is likely due to the AV industry employing more aggressive tactics against botnets, resulting in a drop in profitability. As I’ve said before: ransomware is about as interesting to me as watching oil …

Distributed Denial Of Service (DDoS) for Beginners

Distributed Denial of Service, or DDoS, is an attack in which multiple devices send data to a target device (usually a server) with the aim of rendering the network connection or a system application unusable. There are many forms of DDoS attack, but almost all modern attacks are either at …

Phase Bot – Exploiting C&C Panel

I’ve been withholding this article for a while, due to the fact that the minute I post it all the vulnerabilities will be patched, thus becoming useless to us; however, it turns out hacking all of the Phase C&C panels has generated a bit of noise, resulting in the vulnerabilities …

Peer-to-Peer Botnets for Beginners

With all the hype about the ZeroAccess take-down, I decided it might be a nice idea to explain how peer-to-peer botnets work and how they are usually taken down.

Traditional Botnets

[Figure: A basic example of a traditional botnet]

With traditional botnets (be it HTTP, IRC or some other …