A threat actor irretrievably destroyed its own botnet with nothing more than a typo.
Cybersecurity firm Akamai spotted the blunder in KmsdBot, a cryptomining botnet that also had distributed denial of service (DDoS (opens in new tab)) capabilities, before recently crashing and reporting an “index out of range” error.
Akamai’s researchers were monitoring the botnet while an attack on a crypto-focused website was taking place. At that very moment, the threat actor “forgot” to put a space between an IP address and a port in a command, and sent out the command to every working instance of KmsdBot. That resulted in most of them crashing, and given the botnet’s nature, staying down.
No persistence botnet
The botnet is written in Golang and has no persistence, so the only way to get it up and running again would be to infect all of the machines that comprised the botnet all over again.
Speaking to DarkReading, Akamai’s principal security intelligence response engineer, Larry Cashdollar, said almost all KmsdBot activity tracked by the company stopped, but added that the threat actors might try to reinfect the endpoints (opens in new tab) again. Reporting on the news, Ars Technica added that the best way to defend against KmsdBot is to use public key authentication for secure shell connections, or at least to improve login credentials.
According to Akamai, the botnet’s default target is a company that builds private Grand Theft Auto online servers, and while it is capable of mining cryptocurrencies for the attackers, this feature was not running during investigation. Instead, it was the DDoS activity that was running. In other instances, it targeted security companies and luxury car brands.
The company first spotted the botnet in November this year, while it was brute-forcing systems with weak SSH credentials.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba