A botnet called KmsdBot has made its appearance in recent times and computer security researchers have set
This research is based on the different industries and geographies that have been attacked, said web infrastructure firm Akamai. Notable botnet targets included FiveM and RedM, which are clients that allow you to mod video games such as Grand Theft Auto V and Red Dead Redemption 2 (if you follow the roleplays on Twitch, you’ll know what we’re talking about for sure), as well as other more or less well-known brands under attack.
What exactly is KmsdBot?
KmsdBot is Go-based malware that leverages SSH to infect systems and perform tasks such as mining cryptocurrencies and launching commands over TCP and UDP to carry out Distributed Denial-of-Service (DDoS) attacks.
However, last month, the lack of an error-checking mechanism in the malware source code meant that the malware's creators themselves inadvertently blocked the botnet in question.
“Based on observed IPs and domains, most of the victims are located in Asia, North America and Europe,” said Akamai researchers Larry W. Cashdollar and Allen West. “The presence of these commands keeps track of previous observations of the targeted game servers and gives an overview of the clients of this rental botnet.”
Akamai, which investigated the attack traffic, identified 18 different commands that KmsdBot accepts from a remote server, one of which, dubbed “bigdata,” sends junk packets containing large amounts of data to a target in an attempt to exhaust its bandwidth.
Also included among these commands are ones like “fivem” and “redm”, designed to target video game mod servers, along with a “scan” instruction that “appears to route specific paths within the target environment,” according to cyber security experts.
Tracking of the botnet's infection attempts shows reduced activity in Russian territory and neighboring regions, potentially offering a clue as to its origins.
Further analysis of the commands used for this attack, observed over a 30-day period, shows “bigdata” in the lead with a frequency of more than 70; calls to “fivem” occurred 45 times, while “redm” saw fewer than 10 calls.
“This tells us that while game servers are a specific target on offer, it may not be the only sector affected by these attacks,” said the researchers. “Support for multiple server types increases the overall usability of this botnet and appears to be effective in attracting customers.”
The findings come a week after Microsoft detailed a cross-platform botnet known as MCCrash equipped with functionality to perform DDoS attacks against private Minecraft servers.
A common oversight
Both experienced users and less experienced users often forget one basic thing: even video games are programs, complete with code.
It is no coincidence that this malware, or rather this botnet, KmsdBot, takes advantage of video game mod servers, even if it is “for hire”. Why?
First of all, private game servers are usually easier to attack, since most of the time they are set up by gamers who often aren’t even programmers; consequently, the security of their code may not be up to par with that of software houses' proprietary servers.
The second reason is that it is much harder to imagine that a mod contains malicious code that “exits” the game and steals accounts and other personal data, and KmsdBot tries to exploit this.