The Demise of a Dangerous Botnet

It’s a Christmas Miracle!

A botnet is a collection of compromised computers and devices that receive instructions from a command and control (C2) server, and botnets are generally considered a scourge in the world of cybersecurity. How each device gets compromised varies and usually depends on the device itself. Sometimes the attackers can exploit something about the device’s hardware or software configuration, or make use of an existing vulnerability; other times they need to find a way to load malware onto the device to gain control.

So, what happened? It appears to have been basic botnet operator error. Earlier this month the (fairly major) botnet KmsdBot just plain stopped working. Researchers had managed to compromise and monitor the botnet, so they were essentially right there when the operator made the fatal error. The hacker issued a command, one that was probably intended to launch a Distributed Denial of Service (DDoS) attack against Bitcoin.com:

!bigdata www.bitcoin.com443 / 30 3 3 100

The command, meant to launch the assault, instead crashed the malware code installed on the botnet’s compromised devices. It seems likely the error was just forgetting to leave a space between the target URL (bitcoin.com) and the port (443). That may seem like an easy error to make, and you’d think there’d be automatic error checking, but remember that malware needs to be small and fast in order to avoid detection and spread quickly. It’s likely the lack of error checking in the code was intentional, to keep the program as tiny as possible.
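To make the failure mode concrete, here is an added example written from the researcher's side of the story (it is not code from the post and not KmsdBot's own code): a decoder for intercepted command lines that shows how a positional parser with no validation crashes on the one-character typo above, while a validating parser rejects the same line cleanly and keeps running. The layout of the fields after the target and port is an assumption for illustration; the post only identifies the target (bitcoin.com) and the port (443).

```python
"""
Added example: decoding intercepted C2 command lines on the monitoring side.
Contrasts a fragile positional parser (no error checking) with a validating
one. The command format beyond "<verb> <host> <port>" is assumed, not taken
from the malware.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines: the malformed one is the command quoted in the
# post; the second is the same line with the missing space restored.
MALFORMED_LINE = "!bigdata www.bitcoin.com443 / 30 3 3 100"
WELL_FORMED_LINE = "!bigdata www.bitcoin.com 443 / 30 3 3 100"

# Hostname: dot-separated labels of letters, digits or hyphens, ending in
# an alphabetic top-level label, 253 characters at most.
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


@dataclass
class DecodedCommand:
    verb: str
    host: str
    port: int
    path: str
    params: tuple  # assumed trailing numeric parameters


def parse_fragile(line: str) -> DecodedCommand:
    """Positional parsing with no validation (the failure mode the post
    describes). A missing space shifts every later token one slot left, so
    int() is applied to '/' and the ValueError propagates: the caller crashes."""
    verb, host, port, path, *rest = line.split()
    return DecodedCommand(verb, host, int(port), path, tuple(int(x) for x in rest))


def parse_checked(line: str) -> Optional[DecodedCommand]:
    """Same layout, but every field is validated; malformed input yields None
    instead of an exception, so a monitor (or any program) keeps running."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[0].startswith("!"):
        return None
    verb, host, port_s, path, *rest = tokens
    if not HOST_RE.match(host):          # 'www.bitcoin.com443' fails here
        return None
    if not port_s.isdigit() or not 1 <= int(port_s) <= 65535:
        return None
    if not path.startswith("/"):
        return None
    if not all(x.isdigit() for x in rest):
        return None
    return DecodedCommand(verb, host, int(port_s), path, tuple(int(x) for x in rest))


def fragile_crashes(line: str) -> bool:
    """True if the unchecked parser raises on this line."""
    try:
        parse_fragile(line)
    except ValueError:
        return True
    return False


def triage(line: str) -> str:
    """Label an intercepted line the way a monitoring pipeline would."""
    decoded = parse_checked(line)
    if decoded is None:
        return "malformed (would crash an unchecked parser)" if fragile_crashes(line) else "malformed"
    return f"ok: {decoded.verb} -> {decoded.host}:{decoded.port}{decoded.path}"


if __name__ == "__main__":
    for sample in (MALFORMED_LINE, WELL_FORMED_LINE):
        print(f"{sample!r}: {triage(sample)}")
```

The point for defenders is the general one: a parser that trusts token positions fails closed only by accident, while one that validates each field fails closed by design. The same discipline applies to any service that consumes operator or user input, which is why robust input handling is worth the extra bytes even when size matters.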

Now you may be wondering why the researchers didn’t just shut the botnet down since they had access. In this case, though, having access just means finding a way to intercept and decode the communications. It doesn’t mean you’ve found a way to issue a command, how to format that command even if you do, or what commands are even available. Botnet operators don’t typically include help commands and knowledge base articles to help troubleshoot their criminal software.

Regardless of all that, the end result is that a fairly major botnet effectively killed itself by accident. I’m sure the operator realized what happened a second after they noticed their typo; this slice of time is known as the Ono second. I’m sure this botnet will eventually get itself back up and running, and maybe even include some error checking next time around, but that’s going to take time, and maybe, just maybe, there will be one less botnet around for Christmas. That’s on my holiday wishlist, at least.

This Shakespearean quote comes from Henry V: “I would give all of my fame for a pot of ale and safety.”

If you’re concerned about protecting your business from botnets over this holiday season, please contact one of our cybersecurity experts and we’ll be happy to help out with some stress-free IT, so you can worry about other things this Christmas.

Be kind, courtesy your friendly neighbourhood cyber-man.
