Desperate VXers enslave FREEZERS in DDoS bot

Updated Spike malware targets Asia

Bad guys are launching denial of service attacks from Windows and Linux boxes and in a sign of desperation even fridges, freezers and Raspberry Pis.

The attacks spotted by security company Akamai are based on an updated version of the Chinese language Spike malware that now targets insecure Internet-of-Things things.

Akamai's research labs said one attack clocked 215 Gbps.

"Several Akamai customers have been targeted by DDoS attack campaigns launched from this botnet. One attack peaked at 215 gigabits per second and 150 million packets per second," the company wrote in an advisory.

"Binary payloads from this toolkit are dropped and executed after the successful compromise of targeted devices, which may include PCs, servers, routers, Internet-of-Things devices (i.e., smart thermostat systems and washer/dryers) and home-based customer premises equipment routing devices.

Spike could send SYN, UDP, Domain Name System query, and GET floods against Windows, Linux and ARM-based Linux hosts.

The C&C panel

The C&C panel. Akamai

Technicians create a working proof-of-concept for the embedded device binary by infecting a Raspberry PI with the ARM bot.

It was part of a "rising trend" in botnet across Asia that is spreading from targeting Linux servers to Windows hosts, routers, and embedded devices. While some attacks launched from low-powered devices could be laughable, Akamai warned that "significant" resources could be gained from fridges and freezers.

Akamai said the malware bore the hallmarks of garden-variety botnets through its Chinese-language command-and-control panel and binary payloads.

Strings found inside the malware possibly identified the author as 'Mr Black' while one payload was dubbed 'DealwithDDoS' ®.

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019