Showing results for tags 'botnet'.
-
Summary "A security researcher" "has uncovered evidence that Swing VPN includes code allowing its controller to functionally operate app clients as a botnet capable of Distributed Denial of Service (DDoS) attacks". Quotes My thoughts Since LMG doesn't want to create a VPN, maybe it's time for everyone to create their own VPN, because "trusting" these companies was never an option and now it's not just a matter of our own privacy, apparently. Hope it gets covered on WanShow! Sources https://www.androidpolice.com/malware-android-vpn-ddos-botnet/
-
Hajime -- Possibly the Most Advanced IoT Botnet To Date
N3v3r3nding_N3wb posted a topic in Tech News
Hajime is a very advanced botnet that infects Internet of Things devices to (supposedly) protect the device from other infectious botnets. The next part is very detailed, so read the article if you want in-depth info. For the purposes of my summary, I'm going to do a very high-level overview. Hajime is at the very forefront of botnet technology. Whoever created it is very talented. Hopefully, this guy is really just wanting to do good, not just shutting out competition and planning a future takeover of infected devices. Also, the IoT industry better step up their game. It shouldn't be up to vigilantes to plug their security holes. Source: arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount-of-work-into-infecting-iot-devices/
- 10 replies
-
Original article by C|Net Steven Musil A failed attempt to hijack consumer routers is being blamed for network outages that left hundreds of thousands of people in Germany without internet service this weekend. Around 900,000 of Deutsche Telekom's 20 million network customers were affected by the outages, which began Sunday and lingered into Monday, the German telecommunications giant said in a statement. The attack was designed to quietly recruit the devices for a wider offensive, the second such large-scale attack on internet-connected devices in little more than a month, the company said. "The attack attempted to infect routers with a malware but failed, which caused crashes or restrictions for 4 [percent] to 5 percent of all routers," the company said in a statement. "This led to a restricted use of Deutsche Telekom services for affected customers." The company said it is rolling out a software update to fix the issue. It also recommended that customers temporarily disconnect their routers from their power source to reboot them free of the malware. On Tuesday, German Chancellor Angela Merkel said that the origin of the attack remains unknown as investigators continue to examine the incident. She also cautioned that people should expect similar disruptions down the road. "Such attacks are a part of everyday life and people have to get used to them," Merkel said, according to a Reuters report. A similar attack occurred in late October, when hackers used what's known as a distributed denial of service attack (DDoS) -- conscripting hordes of internet-connected devices like computers, routers and security cameras into a botnet that rendered dozens of popular websites inaccessible for several hours. First published November 28 at 5:30 p.m. PT. Updated November 29 at 7:13 a.m. PT: Added comments from German Chancellor Angela Merkel.
-
So... will Linus ever review a Xiaomi Ricecooker???
-
Michael Kan reports in PC Magazine, March 10 2020 headline: Microsoft Cripples Necurs Botnet by Predicting Its Communication Patterns With a US court order, Microsoft secured access to 6.1 million seemingly random domains the Necurs botnet is expected to communicate with over the next two years. https://www.pcmag.com/news/microsoft-cripples-necurs-botnet-by-predicting-its-communication-patterns
-
https://news.drweb.com/show/?i=13135&c=23&lng=en&p=0 https://www.bleepingcomputer.com/news/security/39-percent-of-all-counter-strike-16-servers-used-to-infect-players/ The CS client isn't secure, and has been targeted by malicious servers, growing a botnet from CS players, and promoting servers to play on that further infect more users. This was so easy to do that it constituted 39% of CS servers for a while. This has currently been partially mitigated by shutting down some of the distribution methods of the trojan by disabling select domain names, but can easily spring back up again unless the client is actually patched. Unfortunately, CS has been EOL (end of life) without further support for some time now, so that is unlikely. This is different from a previous similar attack where the user was asked to download the files, as this is silent.
-
An interesting security report was recently released concerning a new botnet being labelled as Fbot that appears to be targeting a separate botnet for removal. According to a report from security firm Netlab, this botnet is a variant of the ADBminer software that appears to only have the purpose of seeking out and removing the com.ufo.miner botnet and may have links to the original Satori botnet. https://www.ccn.com/vigilante-botnet-infects-computers-to-remove-cryptocurrency-malware/ I'm left to wonder if this is a legitimate attempt to have a botnet clean up another botnet's mess or is it merely establishing itself and waiting for future deployment potential. Would be nice if it's just the former, but hard to trust. It is kind of interesting though that someone is using a botnet to kill another botnet. Netlab report: https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
-
Sources: CRN Bleeping Computer TL;DR The IoT once again is wide open to another attack. This one affecting almost half a billion devices. With IoT devices potentially not even being updated, a large attack like Mirai that brought down Github, Reddit, Netflix, and other large companies could only be a short time away. Media: Quotes/Excerpts: My Opinion: We really need a 3rd party certification company or some sort of regulation to force smart devices to be audited before they reach the consumer as well as ensuring they receive security patches for at least X years. We're basically mass marketing back doors into people's homes nowadays.
-
Hello all, and let me say thanks for the help ahead of time. I'm currently on my mobile device and been googling around but I figure I'll ask here while I'm researching solutions. Just as the title says, I have some sort of botnet affecting almost every device on my wifi network. I connected a new ps4 pro and my CUJO (hardware firewall) detected that my brand new ps4 pro attempted to reach an IP that's for a botnet. But it's not just the ps4, my laptop (which I scanned for an infection and found nothing), my brother's laptop, other smartphones in the house, and so on. Surprisingly my phone doesn't get affected or my desktop but I did get rid of a malware like a week ago that did the same thing hidden in system folder. I want to know if there's a way to scan my entire network with AV or malwarebytes of some kind. I almost want to factory reset every device in my house. I currently have like 50 hits a week with devices trying to get to botnet IPs.
-
This is definitely more of a follow-up, but information is being released by the US Court System and FBI on the Mirai Botnet that wreaked havoc last fall... According to a really good write-up on Wired, this appears to have started off primarily as a DDoS botnet to primarily target Minecraft Servers in order to advertise for competing servers and the scheme just went out of control. https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/ Again, this is a really interesting story and twist to the whole Mirai Botnet, especially considering it was not actually developed by State-Actors, but some college students who were wanting to perform shady business practices... My best guess is that after they get their slap, they will probably get some job offers with the CIA or NSA that they 'can't refuse'.
-
Hopefully this is the right sub. RT-N66U router, latest firmware from what I can tell (3.0.0.380_3831) Devices connected: several iphones, computers, a printer, a WD NAS, a 'Firestick', and a PS4. All of which are accounted for and work fine. Typical usage is basic web browsing, streaming (YT, Amazon, etc.) usually not HD, occasional gaming. Usually 3 people doing these during the day. I live in a well populated region of the NE U.S. Time Warner. Pay for ~24 down ~2 up. All using 2.4 GHz wifi with the WD NAS connected via Ethernet. This is the only device connected via ethernet. Using WPA2-Personal. Router reboots every 24 hours. Here's where the issues begin. (most of these have been going on for several months now) -First, internet will randomly drop out for a few seconds. Completely disconnected from the internet (not from the router). Speeds fluctuate regardless of usage/time of day. Nothing in the router's logs that correlate to the times this happens. I do not think this is an issue with wifi in terms of signal strength. None of this was happening a year ago (i.e. good reliable internet). edit- I would like to add this happens seemingly randomly several times throughout the day. Sometimes back-to-back, sometimes a few hours in between. -If I go to check connected devices, a couple of devices like "Texas Instruments" (with android figure) will be there, but quickly disappear after 3 seconds. They never reappear until I close and check the router a while later. No clue what these devices could be or why they 'disappear'. These change name every few months. These devices do not correspond to anything I am aware of. Often times these devices will show up as connected via ethernet (again, only the NAS is). -The WD NAS was connecting to the internet for no known reason I know of. I used IP lookups to find out where it was connecting.
WD, some amazon related IPs, and one time an IP related to a multi-national company that deals with aviation logistics located in central EU. I don't even have the slightest clue about this one. After this, I prevented the 'WD Cloud' from connecting to the internet using parental controls. Couldn't figure out how to do it any other way. From what I can tell it's behaving normally now. -ISP has sent emails a week or so ago saying there is possible botnet activity. Internet usage has not changed nor has anyone made any suspicious downloads. All computers have had scans with the latest version of Malwarebytes. I've changed both the router's pass and the wifi pass. Both are solid passwords. Had no effect on any of these issues. I can't be sure, but I swear speedtest isn't accurate. When no-one is using the internet here and during non-peak times, my speeds are very inconsistent, sometimes crawl (ex. having trouble streaming at 460p, very annoying to play twitch shooters with latency that fluctuates heavily from 35-60ms even in servers hosted in my own city), but speed test will always show a consistent <20ms ~22down ~1.7up. Ping tests to any website like google will be an easy 40ms+ on a good day. Based off of download speeds and things like net_graph, I'd say I'm actually getting 9Mbps down and 1 Mbps up, not the speeds speedtest claims. Ping tests to google I just ran with router: 145ms 39ms 42ms 91ms 42ms Speed with speedtest? 16ms with 22 down 1.8 up Ping tests to facebook: 331ms 361ms 320ms 329ms 310ms Ping tests to Youtube: 54ms 212ms 52ms 48ms 271ms Speed test says 11ms. This sh*t happens on all computers I tested with. It's a conspiracy man... I don't really know what's going on and would like some ideas about what to do with any of this. Maybe it's all normal stuff and I'm going crazy... As is probably painfully clear, I don't know much about networking. If I'm missing relevant info I'll correct that asap.
-
I am currently setting up a botnet / beowulf cluster computer with tons of free computers (all awful and old) and going to mine virtual currencies with it such as bitcoin, litecoin, dogecoin, etc. I have a little experience in doing such things but it would be nice to have suggestions for the botnet / cluster computer.
-
Okay, so I am creating a club/organization at my high school and need some help. Here is some information about the organization. What I need help with is that I don't know if I have access to powerful enough machines to do virtualization with. However, all of the students in the school have a Laptop provided to them as we are a technology based school. So I was wondering if it was possible to have say a machine at my house to host virtual machines as a server and connect to those virtual machines through our school provided laptops. My connection is a solid 150 Mb/s download speed and 11 Mb/s upload speed. Also, I may be able to host these virtual machines on a school computer in another room, but I would somehow need to be able to use processing power from a number of computers as one is not powerful enough to host. Is there anything that you can think of that would make this possible?
- 14 replies
-
I just noticed this today, I have no idea when it started happening. But my PC is executing Microsoft resource file to coff object whenever it can. When I open up Task Manager to see what's up, the process shows up for a few seconds, and disappears afterwards--as if it was hiding from me. I managed to open the file location and it points to cvtres.exe with the path: C:\Windows\Microsoft.NET\Framework\v2.0.50727 Can anybody help out? I want this gone.
- 4 replies
-
Just found out about this story and wanted to know what the community's response was on the subject. I personally think that some of the sites covering this don't know the difference between their Left to their Right but some links are included below. ITV Google list of related news link one Google list of related news link two Google list of related news link three :blink: :wacko: