Syntax errors are the doom of us all, including botnet authors

By Staff, December 8, 2022, in Computer


If you're going to come at port 443, you best not miss (or forget to put a space between URL and port). Image: Getty Images

KmsdBot, a cryptomining botnet that could also be used for distributed denial-of-service (DDoS) attacks, broke into systems through weak secure shell (SSH) credentials. It could be remotely controlled, it was hard to reverse-engineer, it had no persistence mechanism, and it could target multiple architectures. KmsdBot was a complex piece of malware with no easy fix.

That was the case until researchers at Akamai Security Research witnessed a novel solution: forgetting to put a space between an IP address and a port in a command. And it came from whoever was controlling the botnet.

With no error-checking built in, sending KmsdBot a malformed command, as its controllers did one day while Akamai was watching, caused a runtime panic with an "index out of range" error. Because there is no persistence, the bot stays down once it crashes, and the operators would need to reinfect each machine and rebuild the botnet. It is, as Akamai notes, "a nice story" and "a strong example of the fickle nature of technology."

KmsdBot is an intriguing modern malware. It is written in Go, partly because Go binaries are difficult to reverse-engineer. When Akamai's honeypot caught the malware, it was targeting a company that hosted private Grand Theft Auto Online servers. It has a cryptomining capability, though that stayed dormant while the DDoS activity was running. At times, it was directed to attack other security companies or luxury car brands.

Researchers at Akamai were taking apart KmsdBot and feeding it commands via netcat when they discovered that it had stopped receiving attack commands. That's when they noticed that a command to attack a crypto-focused website was missing a space between the target and the port. Assuming that command went out to every working instance of KmsdBot, most of them crashed and stayed down. Feeding KmsdBot an intentionally malformed command would halt it on a local system as well, allowing for easier recovery and removal.
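The failure mode above, a command parser that indexes split fields without checking how many it got, is easy to reproduce. The following is an added illustration, not KmsdBot's own code: the command grammar `<verb> <host> <port>`, the verb `attack`, and the sample commands are constructed assumptions for the example. It puts the fragile pattern next to a parser that validates field count, host and port, and returns an error instead of panicking.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Constructed sample commands for the example (not captured C2 traffic).
// The "<verb> <host> <port>" shape is an assumption, not KmsdBot's grammar.
var sampleCommands = []string{
	"attack 203.0.113.10 443",   // well formed
	"attack 203.0.113.10443",    // missing space between host and port
	"attack",                    // no arguments at all
	"attack 203.0.113.10 99999", // port out of range
}

// Target is the parsed attack destination.
type Target struct {
	Host string
	Port int
}

// parseNaive mirrors the fragile pattern: split on spaces and index the
// fields without checking how many there are. A command with too few
// fields panics with "index out of range" and takes the process down.
func parseNaive(cmd string) Target {
	fields := strings.Split(cmd, " ")
	port, _ := strconv.Atoi(fields[2])
	return Target{Host: fields[1], Port: port}
}

// parseChecked validates the field count, the verb, the host and the port
// range, and returns an error for anything malformed instead of panicking.
func parseChecked(cmd string) (Target, error) {
	fields := strings.Fields(cmd)
	if len(fields) != 3 {
		return Target{}, fmt.Errorf("expected 3 fields, got %d", len(fields))
	}
	if fields[0] != "attack" {
		return Target{}, errors.New("unknown verb " + fields[0])
	}
	if net.ParseIP(fields[1]) == nil {
		return Target{}, errors.New("invalid host " + fields[1])
	}
	port, err := strconv.Atoi(fields[2])
	if err != nil || port < 1 || port > 65535 {
		return Target{}, fmt.Errorf("invalid port %q", fields[2])
	}
	return Target{Host: fields[1], Port: port}, nil
}

// naiveSurvives reports whether parseNaive gets through a command without
// panicking, recovering the panic so the caller can observe it.
func naiveSurvives(cmd string) (survived bool) {
	defer func() {
		if r := recover(); r != nil {
			survived = false
		}
	}()
	parseNaive(cmd)
	return true
}

func main() {
	for _, c := range sampleCommands {
		t, err := parseChecked(c)
		fmt.Printf("%-30q naive survives=%-5v checked=%+v err=%v\n",
			c, naiveSurvives(c), t, err)
	}
}
```

Run with `go run .`: the well-formed command parses in both versions, the missing-space and empty commands panic in the naive parser but return an error from the checked one, and the out-of-range port slips through the naive parser (there is no range check) while the checked parser rejects it. The point for defenders is the one the article makes: a bot whose parser has no bounds checks can be knocked over by a single malformed line, and if it has no persistence it does not come back.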

Larry Cashdollar, principal security intelligence response engineer at Akamai, told DarkReading that almost all KmsdBot activity his firm was tracking has ceased, though the authors may be trying to reinfect systems. The best defense remains keeping the bot out in the first place: use public key authentication for SSH, or at a minimum strong, unique login credentials.


