The Chalubo botnet is a recently discovered malware that has been found to contain advanced features from other threats and is being used for DoS (denial-of-service) attack campaigns. At the moment several attacks have been sighted. Our article gives an overview of how the malware functions.
The Chalubo Botnet Is a Formidable DoS Weapon
A dangerous new malware called the Chalubo botnet has been discovered by a team of security researchers. Several iterations of it have been found to cause infections. The first versions linked to it were observed back in August, when three malicious components were used in an attack against x86 machines. This is believed to be an early test attack, probably a way for the operators to fine-tune and tweak the botnet.
The Elknot dropper was later used to deliver a more complete version of the malware. The captured samples indicate that there are several variants of it available — there are specialist versions for each architecture. This makes it very effective against both servers and IoT devices.
In September a shift in the infection tactics was observed. Instead of the dropper, the malicious component depended on brute-force attacks against remote desktop services. The hackers loaded the infection script with default credentials and commonly used username and password combinations. Updated versions of the Chalubo botnet featured advanced anti-analysis code that protected them from being discovered by both administrators and security software. This (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/chalubo-botnet-dos-weapon/