Friday, February 26, 2021
Dark_nexus botnet outstrips other malware with new, potent features

April 8, 2020
in Internet Security

A new botnet has entered the threat landscape that researchers say “puts to shame” others on the scene, such as Mirai and Qbot.

On Wednesday, researchers from cybersecurity firm Bitdefender said the new botnet, dubbed “dark_nexus,” packs a range of features and capabilities that go beyond those typically found in today’s botnets. 

Botnets are networks of machines, Internet of Things (IoT) products, and mobile devices that have been compromised and enslaved to a main controller. Together, these devices can be used to perform distributed denial-of-service (DDoS) attacks, launch spam campaigns en masse, and more. 

Dark_nexus, so named because of strings printed in its banner, has code links to both Mirai and Qbot, but the team says the majority of the botnet’s functions are original.

“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” Bitdefender says. 

Dark_nexus has existed for three months and during this time, three different versions have been released. Honeypots have revealed that there are at least 1,372 bots connected to the botnet, with the majority being hosted in China, the Republic of Korea, Thailand, and Brazil. 

In order to compromise a machine after discovery, the botnet uses credential stuffing and exploits. Two scanning modules, one synchronous and one asynchronous, are in use; both attempt to gain access over the Telnet protocol using predefined credential lists.

“Much like the scanners employed by other widespread botnets […] the scanner is implemented as a finite state machine modeling the Telnet protocol and the subsequent infection steps, in which the attacker issues commands adaptively based on the output of previous commands,” Bitdefender explained. 

During startup, the botnet uses the same processes as Qbot; several forks are implemented, some signals are blocked, and then the botnet detaches itself from the terminal. In the same way as Mirai, the botnet will then bind itself to port 7630. In addition, the malware attempts to conceal its activities by renaming itself to /bin/busybox. 


The botnet has a payload customized for a total of 12 different CPU architectures and is delivered depending on a victim’s configuration and setup. 

Dark_nexus uses an unusual approach to maintain a foothold on a machine: a form of ‘risk assessment’ conducted on existing processes. The malware’s code includes a whitelist of process names, together with their process identifiers, which dictates which processes are considered acceptable. Everything that crosses a “threshold of suspicion” is killed.

The botnet connects to two command-and-control (C2) servers alongside a report server that receives reports of vulnerable services — containing both IP and port numbers — at the time of discovery.

Server addresses are either hardcoded into lightweight downloaders or, in some cases, a reverse-proxy feature turns each victim into a proxy for the hosting server, which then serves the samples on a random port.


Attacks launched by the botnet are rather typical, with one exception — the browser_http_req command. Bitdefender says this element is “highly complex and configurable,” and “it attempts to disguise the traffic as innocuous traffic that could have been generated by a browser.”

Another feature of interest is an attempt to prevent a device from rebooting. The cron service is compromised and stopped, while permissions are also removed from executables that could restart a machine. 
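The host-level behaviours described above (binding port 7630, masquerading as /bin/busybox, stopping cron and stripping execute permission from reboot binaries) can be turned into a simple triage check. The script below is an added example, not Bitdefender's or the article's code; the record format, helper names and the set of reboot binaries are assumptions, and the sample host data is constructed.

```python
"""Triage a Linux host for the dark_nexus behaviours named in the article.

Process, socket and file data are passed in as plain records, so the checks
run on constructed samples here and on data collected from a real host later.
The helper names, record layout and REBOOT_BINARIES are assumptions of this
example; only the port, the busybox rename and the cron/permission tricks
come from the article.
"""
import stat
from dataclasses import dataclass, field

DARK_NEXUS_BIND_PORT = 7630   # listener the article says the bot binds, as Mirai does
REBOOT_BINARIES = ("/sbin/reboot", "/sbin/shutdown", "/sbin/poweroff")  # assumed set


@dataclass
class Proc:
    pid: int
    comm: str                      # process name as shown by ps
    exe: str                       # resolved target of /proc/<pid>/exe
    listen_ports: list = field(default_factory=list)


def check_processes(procs):
    """Flag processes that match the port-binding or busybox-masquerade behaviour."""
    findings = []
    for p in procs:
        if DARK_NEXUS_BIND_PORT in p.listen_ports:
            findings.append((p.pid, f"listening on tcp/{DARK_NEXUS_BIND_PORT}"))
        # The bot renames itself to /bin/busybox; the real applets resolve to that
        # path, so a "busybox" whose on-disk image lives elsewhere is suspicious.
        if p.comm == "busybox" and not p.exe.startswith("/bin/busybox"):
            findings.append((p.pid, f"claims busybox but runs from {p.exe}"))
    return findings


def check_reboot_paths(modes, cron_running):
    """modes: {path: st_mode}. Report stripped execute bits and a stopped cron."""
    findings = []
    for path in REBOOT_BINARIES:
        mode = modes.get(path)
        if mode is not None and not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            findings.append((path, "execute permission removed"))
    if not cron_running:
        findings.append(("cron", "service not running"))
    return findings


# Constructed sample host: one benign busybox shell, one masquerading bot process.
SAMPLE_PROCS = [Proc(1, "init", "/sbin/init"),
                Proc(812, "busybox", "/tmp/.x/dn (deleted)", [DARK_NEXUS_BIND_PORT]),
                Proc(900, "sh", "/bin/busybox")]
SAMPLE_MODES = {"/sbin/reboot": 0o100644, "/sbin/shutdown": 0o100755}

if __name__ == "__main__":
    for f in check_processes(SAMPLE_PROCS) + check_reboot_paths(SAMPLE_MODES, False):
        print(*f)
```

On a live host the same records can be built from /proc/<pid>/comm, /proc/<pid>/exe, `ss -ltnp` output and os.stat() of the reboot binaries.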

The developer of the botnet is believed to be greek.Helios, a known botnet author that has been flogging DDoS services in underground forums for a number of years. 


The researchers also found socks5 proxies in some versions of the malware, a feature also found in botnets such as Mirai variants, TheMoon, and Gwmndy, and continue to watch the botnet’s development with interest.

“A possible motivation would be selling access to these proxies on underground forums. However, we have not found evidence of this yet,” Bitdefender says. 

Credit: Zdnet

© 2019 NikolaNews.com - Global Tech Updates
