Saturday, 2 July 2016

On 00:02 by admin   No comments
LizardStresser, a distributed denial of service (DDoS) botnet that inspired many cybercrime groups to create their own botnets, was recently used in attacks as large as 400 gigabits per second (Gbps) that leverage the power of IoT devices, Arbor Networks researchers reveal.

Written in C and designed to run on Linux, the botnet malware has had its source code leaked online in early 2015, which inspired DDoS actors to build their own botnets. More recently, however, researchers noticed that the number of unique LizardStresser command and control (C&C) servers has grown, and that actors behind the botnet have been targeting Internet of Things (IoT) devices using default passwords.

Similar to other botnets, LizardStresser relies on a large number of hosts that connect to a C&C server to conduct malicious activities. The botnet can be used to launch DDoS attacks using a variety of attack methods: HOLD – holds open TCP connections; JUNK – send a random string of junk characters to a TCP port; UDP – send a random string of junk characters to a UDP port; TCP – repeatedly send TCP packets with the specified flags.

The LizardStresser bots also have a mechanism to run arbitrary shell commands, which allows operators to update the list of C&C servers or to download new malware to them. Since the beginning of this year, Arbor Networks researchers have observed an increase in the unique number of C&C servers the botnet connects to: they are now in excess of a hundred.

What’s more, researchers observed that the increase was accompanied by a surge in real-world attacks that match the LizardStresser network signature and that the botnet also started using IoT devices as bots in a number of attacks. Earlier this week, Sucuri researchers also revealed that tens of thousands of compromised CCTV devices have been leveraged in DDoS attacks.


Post a comment