Chinese-built botnets full of bugs

By

Botnets borrow code, and bugs too.

Chinese botnets were poorly constructed and riddled with errors, according to security researchers.

Chinese-built botnets full of bugs
Credit: Charles Knowles

Jeff Edwards and Jose Nazario, researchers at denial of service (DoS) prevention firm Arbor Networks, said Trojan malware used in the botnets contained flaws and were not concealed.

They told the Virus Bulletin 2011 conference in Barcelona that blatant flaws in the used DoS attack botnets were duplicated by rival botnets that stole the source code.

Sophisticated modern botnets often used rootkits to conceal presence, were encrypted and could be difficult to trace and eradicate. The botnets also used varied DoS tactics such as low rate denial of service attacks (pdf).

But Edwards and Nazario said Chinese botnets lacked the technology and conducted only simple DoS attacks such as SYN, TCP and HTTP floods.

They found about 40 Chinese-based botnet families of which about 20 were distinct malware families, including Darkshell, IMDDOS, Rincux, NetBot Attacker and YoyoDDoS families the researchers said.

The botnets targeted specific victims. The Darkshell botnet attacked the industrial food processing industry, IMDDOS attacked gambling websites, Rincux attacked the mining sector, and versions of Netbot Attacker had in 2008 targeted US news site CNN.

“We were surprised when we discovered that its operators have such a propensity for attacking one particular commercial market segment,” he said in a blog post.

All of the studied botnets were thought to be built in China or were controlled primarily from Chinese IP addresses.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?