Security researchers have identified a botnet of Chinese origin that is used mainly to launch distributed denial-of-service attacks against companies connected to the mining industry. Dubbed JKDDOS by Arbor Networks, a company specializing in network security solutions, the malware was first observed in September 2009.
Since then there have been over 50 variants, the most recent in December 2010, which makes this an active botnet. The samples are usually small, averaging around 30 KB.
"Based on its recent history of attacks, the operators of this family appear to have an axe to grind against several relatively large international holding companies that have connections to the mining industry," notes Jeff Edwards, a research analyst with Arbor's ASERT team.
Most variants originated in China, and all but one of the command-and-control servers seen so far have resided in Chinese IP space.
The malware installs itself in the system32 directory under a file name chosen to resemble a legitimate system file. It then registers itself as a Windows service so that it runs at boot time.
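One way to hunt for this persistence pattern is to list installed services and flag any whose binary lives in system32 under a name that is a near-miss of a real system binary (one or two edits away, but not an exact match). The script below is an added example, not Arbor's code or a JKDDOS indicator list: the set of known system binaries is an illustrative subset, and the service entries are constructed sample data standing in for what you would export from a host.

```python
"""Flag services whose system32 binary name mimics a legitimate Windows file.

Added illustrative example; the known-binary list is a small assumed subset and
SAMPLE_SERVICES is constructed data, not output from a real host.
"""
import ntpath
from dataclasses import dataclass

# Assumed subset of legitimate system32 executables (extend from a clean baseline).
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "spoolsv.exe", "wininit.exe", "smss.exe",
}
SYSTEM32 = r"c:\windows\system32"


@dataclass
class ServiceEntry:
    """Service name plus its ImagePath as stored in the registry."""
    name: str
    image_path: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_from_image_path(image_path: str) -> str:
    """Strip service arguments from an ImagePath, honouring a quoted executable."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    return p.split(" ", 1)[0]


def is_lookalike(basename: str, known=KNOWN_SYSTEM_BINARIES, max_distance: int = 2) -> bool:
    """True when basename is close to a known system binary but is not one itself."""
    b = basename.lower()
    if b in known:
        return False
    return any(levenshtein(b, k) <= max_distance for k in known)


def suspicious_services(entries, known=KNOWN_SYSTEM_BINARIES, max_distance: int = 2):
    """Return (service name, binary, closest legitimate name) for each lookalike in system32."""
    flagged = []
    for entry in entries:
        exe = executable_from_image_path(entry.image_path)
        directory, base = ntpath.split(exe)
        if directory.lower().rstrip("\\") != SYSTEM32:
            continue  # only the system32 masquerade pattern described above
        if is_lookalike(base, known, max_distance):
            closest = min(known, key=lambda k: levenshtein(base.lower(), k))
            flagged.append((entry.name, base, closest))
    return flagged


# Constructed sample: two legitimate services, two lookalikes, one third-party service.
SAMPLE_SERVICES = [
    ServiceEntry("Schedule", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ServiceEntry("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ServiceEntry("SysUpdate", r"C:\Windows\system32\svch0st.exe"),
    ServiceEntry("WinHelper", r"C:\Windows\system32\lsasss.exe"),
    ServiceEntry("MyApp", r'"C:\Program Files\MyApp\myapp.exe" --service'),
]

if __name__ == "__main__":
    for name, binary, closest in suspicious_services(SAMPLE_SERVICES):
        print(f"{name}: {binary} looks like {closest}")
```

On a real host, feed `suspicious_services` the Name and PathName columns from `Get-CimInstance Win32_Service`. The edit-distance threshold is a trade-off: a distance of 2 catches transposed or swapped characters but will also flag short third-party names that happen to sit near a system name, so treat hits as triage leads and confirm with the binary's signature and hash rather than as verdicts.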
Attackers can order the bots to download and execute files, run commands on the infected systems, shut down or reboot the hosts, or perform any of 16 variants of denial-of-service attack, including UDP, SYN, HTTP, TCP and ICMP floods.
Arbor Networks has seen 78 different companies targeted by the botnet's owners during several months of monitoring: 40 are based in China, 31 in the US, 5 in Hong Kong and 2 in Singapore.
Although the attackers show a predilection for companies connected to the mining industry, online gaming sites, online stores and discussion forums have also been attacked by the botnet.
It is also possible that they are running a pay-per-DDoS operation, in which customers pay for the privilege of using the botnet for a limited time to launch attacks.