Chinese authorities have arrested the authors of the Mozi botnet

Experts from the Chinese information security company Netlab Qihoo 360 reported that at the beginning of this year, the country’s authorities arrested the authors of the large Mozi botnet.

The company revealed its involvement in the investigation and the operation in two blog posts, one of which was published back in June and the other earlier this week. The researchers write that they helped track both the infrastructure of the botnet and its operators.

Interestingly, just a week ago, Microsoft experts reported on a new Mozi module that lets the operators tamper with the traffic of infected systems using DNS spoofing and HTTP session hijacking. Netlab Qihoo 360 experts say the module was part of a new Mozi feature set that the botnet operators deployed shortly before the arrest, along with a module that installs cryptocurrency miners on infected systems.

First seen in 2019, Mozi has grown rapidly. For example, according to Black Lotus Labs, in April 2020 the botnet already included 15,000 infected devices.

Mozi spread on its own: it infected one device and deployed a module on it that used the infected system to search for other devices connected to the Internet, then attacked them with exploits and by brute-forcing Telnet passwords. This worm module used more than ten exploits, which was enough for the rapid growth of the botnet.

Mozi also used the DHT protocol to create a P2P network between all infected devices, so that bots could send updates and work instructions directly to each other, which let the botnet operate without a central control server.

Netlab Qihoo 360 reports that at its peak, the botnet infected up to 160,000 systems a day and in total managed to compromise more than 1,500,000 different devices, more than half of which (830,000) were located in China.

Mozi botnet daily activity

Mozi is now predicted a “slow death”, although the use of DHT and P2P makes this process, and cleaning all infected devices, a daunting task.

“The Mozi botnet samples stopped updating a while ago, but this does not mean that the threat from Mozi is gone. Since parts of the botnet that are already spread over the Internet can continue to be infected, new devices are affected every day. In general, we expect that [Mozi] will decrease in size weekly, but may continue to ‘live’ for a long time, like several other botnets that have been shut down by law enforcement in the past,” the experts say.

The Record quoted Radware specialist Daniel Smith as saying that this is not just the case with Mozi. For example, after the Hoaxcalls botnet was disabled at the beginning of this year, experts faced a similar technical problem: bots continued to infect new devices for several months after the operation, acting on their own.

botnet activity

“I expect Mozi to be long too. Since Mozi is a P2P botnet, it is incredibly difficult to destroy it in one fell swoop. Even if the authors are in jail, the botnet can continue to spread and infect new devices, although it will gradually die out as network devices are rebooted, updated or replaced,” says Smith.

Let me remind you that I also wrote that Chinese hackers cover their tracks and remove malware a few days before detection.

Helga Smith

I have always been interested in computer science, especially data security and the topic now called “data science”, since my youth. Before joining the Virus Removal team as Editor-in-chief, I worked as a cybersecurity expert at several companies, including one of Amazon’s contractors. Other experience: I have taught at the universities of Arden and Reading.
