Chinese authorities have arrested the authors of the Mozi botnet

Experts from the Chinese information security company Netlab Qihoo 360 reported that at the beginning of this year, the country’s authorities arrested the authors of the large Mozi botnet.

The company revealed its involvement in the investigation and the operation in two blog posts, one of which was published back in June and the other earlier this week. The researchers write that they helped track both the infrastructure of the botnet and its operators.

Interestingly, just a week ago, Microsoft experts reported on a new Mozi module that helps hackers to interfere with the traffic of infected systems using DNS spoofing and hijacking of HTTP sessions. Netlab Qihoo 360 experts say the module was part of a new Mozi feature set that botnet operators deployed shortly before the arrest, along with a module that installs cryptocurrency miners on infected systems.

First seen in 2019, Mozi grew rapidly. For example, according to Black Lotus Labs, by April 2020 the botnet already included 15,000 infected devices.

Mozi spread on its own: it infected one device and deployed a module on it that used the infected system to search for other devices connected to the Internet, and then used exploits against them and brute-forced Telnet passwords. This worm module used more than ten exploits, which was enough for the rapid growth of the botnet.

Mozi also used the DHT protocol to create a P2P network between all infected devices, which let bots send updates and work instructions directly to each other, so the botnet could operate without a central control server.

Netlab Qihoo 360 reports that at its peak, the botnet infected up to 160,000 systems a day and in total managed to compromise more than 1,500,000 different devices, more than half of which (830,000) were located in China.

[Figure: Mozi botnet daily activity]

Mozi is now predicted to face a “slow death”, although the use of DHT and P2P makes this process, and the cleaning of all infected devices, a daunting task.

“The Mozi botnet samples stopped updating a while ago, but this does not mean that the threat from Mozi is gone. Since parts of the botnet that are already spread over the Internet can continue to infect, new devices are affected every day. In general, we expect that [Mozi] will decrease in size weekly, but may continue to “live” for a long time, like several other botnets that have been shut down by law enforcement in the past,” the experts say.

The Record quoted Radware specialist Daniel Smith as saying that this is not just the case with Mozi. For example, after the Hoaxcalls botnet was disabled at the beginning of this year, experts faced a similar technical problem: bots continued to infect new devices for several months after the operation, acting on their own.

[Figure: botnet activity]

“I expect Mozi to be long-lived too. Since Mozi is a P2P botnet, it is incredibly difficult to destroy it in one fell swoop. Even if the authors are in jail, the botnet can continue to spread and infect new devices, although it will gradually die out as network devices are rebooted, updated or replaced,” says Smith.

Let me remind you that I also wrote that Chinese hackers cover their tracks and remove their malware a few days before detection.

Helga Smith

I have been interested in computer science, especially data security and the field now called “data science”, since my early teens. Before joining the Virus Removal team as Editor-in-Chief, I worked as a cyber security specialist at several companies, including one of Amazon’s contractors. Further experience: I have taught at the universities of Arden and Reading.
