Security researchers discovered that the new LeetHozer botnet shares some attack resources with the Moobot malware family.
The Network Research Lab at 360 found that the LeetHozer botnet had borrowed from the reporter and loader mechanism employed by Mirai. But this threat differed from other Mirai variations in that it made significant changes to the encryption method, bot program and command-and-control (C&C) communication protocol. It also employed the same downloader as well as a unique string in its vulnerability exploitation efforts as Moobot. In response to this observation, researchers posited that LeetHozer likely originated from the same organization or attacker responsible for creating Moobot.
The researchers found that the botnet began by exploiting a vulnerability to start the telnetd service in a targeted device. It then used the default password to log into the device. Upon completing this infection process, LeetHozer sent the device’s information to its reporter mechanism, reached out to its C&C server and waited for instructions to begin conducting a distributed denial-of-service (DDoS) attack.
A Look at Moobot’s Emergence
Moobot has been involved in various attack campaigns since its discovery by the Network Research Lab at 360 in September 2019. In March 2020, for instance, the security firm’s detection systems flagged various threat groups abusing zero-day vulnerabilities in LILIN DVR devices to distribute the malware. It was just a
Support the originator by clicking the read the rest link below.
