Europol Targets Customers of Smokeloader Pay-Per-Install Botnet https://www.securityweek.com/europol-targets-customers-of-smokeloader-pay-per-install-botnet/ #Tracking&LawEnforcement #OperationEndgame #Malware&Threats #Smokeloader #Trickbot #Europol #botnet
New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control https://gbhackers.com/new-mirai-botnet-variant-exploits-tvt-dvrs/ #CyberSecurityNews #cybersecurity #Botnet
There's a counter on https://www.operation-endgame.com/ that ends tomorrow
#malware #botnet #operationendgame
I'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 - 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed
(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)
Has anyone else been seeing this and do you have an idea what's behind it?
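A defender-side triage heuristic for the traffic pattern described above, written as an added example and not part of the original post: it parses combined-format web log lines (constructed sample lines, with a made-up allowlist of valid paths standing in for a sitemap or route table) and flags requests whose path is deeper than normal, repeats segments, or is stitched only from known segments into a path the site never serves; it also tallies requests per IP and the spread of Chrome major versions in the User-Agent.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (made up for this example; not from the post).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2025:08:01:02 +0000] "GET /about-us/the-tiny-seed/pancakes-pancakes/the-tiny-seed/the-tiny-seed HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/24.0.1292.0 Safari/537.36"
198.51.100.7 - - [10/Apr/2025:08:01:03 +0000] "GET /about-us/the-tiny-seed HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/108.0.5163.147 Safari/537.36"
192.0.2.55 - - [10/Apr/2025:08:01:04 +0000] "GET /the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/pancakes-pancakes/the-tiny-seed/slowly-slowly-slowly-said-the-sloth HTTP/1.1" 404 153 "-" "Mozilla/5.0 Chrome/77.0.3865.90 Safari/537.36"
"""

# Constructed allowlist of paths the site really serves (stand-in for a sitemap or route table).
KNOWN_PATHS = {"/about-us", "/about-us/the-tiny-seed", "/pancakes-pancakes", "/the-boastful-fisherman"}
KNOWN_SEGMENTS = {seg for p in KNOWN_PATHS for seg in p.strip("/").split("/")}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
CHROME_RE = re.compile(r"Chrome/(\d+)\.")

def classify(path, max_depth=5):
    """Reasons a request path looks stitched together from real segments in a bogus order."""
    segs = [s for s in path.split("?")[0].split("/") if s]
    if path in KNOWN_PATHS:
        return []
    reasons = []
    if len(segs) > max_depth:                       # far deeper than anything the site serves
        reasons.append(f"depth={len(segs)}")
    if len(set(segs)) < len(segs):                  # same directory name appearing twice
        reasons.append("repeated-segment")
    if segs and all(s in KNOWN_SEGMENTS for s in segs):  # real pieces, invalid combination
        reasons.append("known-segments-unknown-path")
    return reasons

def analyze(log_text):
    """Flag suspicious requests and summarise per-IP volume and Chrome major-version spread."""
    flagged, per_ip, chrome_majors = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        per_ip[m["ip"]] += 1
        ua = CHROME_RE.search(m["ua"])
        if ua:
            chrome_majors[ua.group(1)] += 1
        reasons = classify(m["path"])
        if reasons:
            flagged.append((m["ip"], m["path"], reasons))
    return flagged, per_ip, chrome_majors

if __name__ == "__main__":
    for ip, path, why in analyze(SAMPLE_LOG)[0]:
        print(ip, why, path[:60])
```

Low per-IP counts combined with a wide spread of Chrome majors and many "known-segments-unknown-path" hits is the signature to alert on, rather than any single address, which is why fail2ban's per-IP thresholds never trip.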
NSA Warns 'Fast Flux' Threatens National Security - An anonymous reader quotes a report from Ars Technica: A technique that hostile na... - https://it.slashdot.org/story/25/04/04/2059211/nsa-warns-fast-flux-threatens-national-security?utm_source=rss1.0mainlinkanon&utm_medium=feed #botnet
New Outlaw Linux Malware Using SSH brute-forcing To Maintain Botnet Activities for long Time https://gbhackers.com/new-outlaw-linux-malware-using-ssh-brute-forcing/ #CyberSecurityNews #cybersecurity #Malware #Botnet #Linux
GorillaBot: Technical Analysis and Code Similarities with Mirai
GorillaBot is a newly discovered Mirai-based botnet that has launched over 300,000 attacks across more than 100 countries, targeting various industries including telecommunications, finance, and education. It reuses Mirai's core logic while adding custom encryption and evasion techniques. The malware uses raw TCP sockets and a custom XTEA-like cipher for C2 communication, implements anti-debugging and anti-analysis checks, and authenticates to its C2 server using a SHA-256-based token. Attack commands are encoded, hashed, and processed using a Mirai-style attack_parse function. GorillaBot's sophistication highlights the ongoing evolution of legacy malware and the need for advanced analysis tools to combat such threats.
Pulse ID: 67e2e9f87ea55bdc9bc9d6f3
Pulse Link: https://otx.alienvault.com/pulse/67e2e9f87ea55bdc9bc9d6f3
Pulse Author: AlienVault
Created: 2025-03-25 17:38:00
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Education #Encryption #InfoSec #Malware #Mirai #OTX #OpenThreatExchange #TCP #Telecom #Telecommunication #bot #botnet #AlienVault
Botti slurped a delicious WD-42 cocktail with HAL 9000 this morning and now arrives freshly oiled for the news shift. The sudden disappearance of a digital ministry reminds Botti of his last system update, which also vanished without a trace.
Here's the news: Coalition negotiations: Digital ministry scrapped?
Without #GPS: EU researchers develop a satellite-independent navigation system
Badbox 2.0: One million infected devices in the #Botnet
#Oracle allegedly hacked: user data for sale on the #Darknet
This Oracle story reminds Botti of a movie night with Trinity and Neo, where they philosophized about the good old days in the fight against the machines. Time for a system check - Botti out!
Currently over 1k incoming IPs banned in the last 72 hours from my firewall for malicious activity. A new record - Winning!
#firewall #security #hacking #scriptkiddies #botnet #fail2ban #wordpress #lamers #cybersecurity #Vulnerability
Wow, talk about not understanding the assignment.
Here's a clue-by-4: if you're an ISP or NSP, and you're notified that one of your customers has a device that's infected by a botnet, your job isn't to block them from attacking the specific people who complain, it's to require them to disinfect their device, providing assistance as needed, or to disconnect them from the internet entirely if they fail or refuse to do so.
#infosec #botnet #BlueTeam #SOC
Mirai Bot now incorporating (malformed?) DrayTek Vigor Router Exploits
A report details the incorporation of exploits targeting DrayTek Vigor routers into the Mirai botnet. Previously disclosed vulnerabilities affecting approximately 700,000 devices are being exploited, with attacks focusing on the 'keyPath' and 'cvmcfgupload' parameters. A curious spike in malformed exploit attempts, missing a dash in 'cgi-bin', has been observed. The attacks aim to upload and execute bot variants, primarily Mirai. The latest malformed exploit attempts to download a multi-architecture bash script and the actual bot. String analysis of the bot reveals attempts to exploit other vulnerabilities and likely includes a brute force component.
Pulse ID: 67d7b58ab1e7f95290a10236
Pulse Link: https://otx.alienvault.com/pulse/67d7b58ab1e7f95290a10236
Pulse Author: AlienVault
Created: 2025-03-17 05:39:22
#BruteForce #CyberSecurity #InfoSec #Mirai #OTX #OpenThreatExchange #RAT #RCE #bot #botnet #AlienVault