Sunday, May 26, 2019
Home / Malware / Cross-platform Botnet launches DDoS attacks

Cross-platform Botnet launches DDoS attacks

Researchers at Kaspersky labs have discovered a sample of malware that’s effective at infecting computers operating Windows, Mac OS X, and Linux which have Oracle’s Java software framework installed.

The cross-platform botnet is detected as HEUR:Backdoor.Java.Agent.a, which was given to it by a blog post on Kaspersky’s site.  The malware takes hold of computers via an exploit CVE-2013-2465, a vital Java vulnerability which Oracle fixed in June. The security bug exists on Java 7 u21 and earlier. As soon as the bot has infected a computer, it duplicates itself to the autostart directory associated with its particular platform to be sure it runs anytime the device is turned on. The malware then reports to an Internet relay chat (IRC) channel that behaves as a command and control server where attackers can receive information and execute commands.

The botnet is made to carry out distributed denial-of-service (DDoS)  attacks on servers. Instructions issued within the IRC channel enable the attackers to indicate the exact IP address, port number, strength, and time period of attacks. The malware is programmed completely in Java, allowing it to operate on Windows OS X and Linux machines. For additional versatility, the bot incorporates PircBot, an IRC programming interface based on Java.  The malware authors also used Zelix Klassmaster obfuscator to make it more difficult to reverse engineer.

While Kaspersky was analyzing the malware, the bot masters initiated a DDoS attack on a mail server, you can view it in the picture below.


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …