Skip to Content

KmsdBot goes down

Updated on 2022-12-01: KmsdBot goes down

Akamai researchers said they found a bug in the C&C communication system used by the KmsdBot cryptomining botnet that allowed them to crash the malware on all infected systems worldwide. Read more: Accidentally Crashing a Botnet

Updated on 2022-11-30: Akamai Researchers Inadvertently Crash Botnet

While monitoring the KmsdBot cryptomining botnet, Akamai researchers accidentally discovered its Achilles heel. The researchers write that they “modif[ied] a recent sample of KmsdBot to talk to an IP address in RFC 1918 address space. This allowed us to have a controlled environment to play around in — and, as a result, we were able to send the bot our own commands to test its functionality and attack signatures.” A simple syntax error cause the botnet to crash.

Note

  • This botnet operates on Windows and Linux systems, and is targeted towards gaming firms, technology companies, and luxury car manufacturers. Systems are infected using SSH to account with default or weak connections. As it’s not persistent, a crash or other interruption to the process means that nodes have to be re-acquired. While the crash resulted because of a lack of error handling, don’t assume malware operators aren’t including error handling, most do. Making sure that default passwords are changed, and passwords, where they remain, are sufficiently strong, has to be SOP. Make sure that you’re checking for re-introduction of these after updates or upgrades.

Read more in

Updated on 2022-11-29

Akamai researchers accidentally took down the KmsdBot cryptomining botnet that was used for DDoS attacks. Read more: Accidentally Crashing a Botnet

Overview

Akamai’s security team said it discovered a new botnet named KmsdBot. The company said this new botnet is written in the Go programming language, spreads by targeting systems that use weak SSH login credentials, and currently focuses on mining the Monero cryptocurrency. Read more: KmsdBot: The Attack and Mine Malware

Posted on  - Last updated:

Home > KmsdBot goes down

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.