Chinese authorities have arrested the authors of the Mozi botnet

Experts from the Chinese information security company Netlab Qihoo 360 reported that at the beginning of this year, the country’s authorities arrested the authors of the large Mozi botnet.

The company revealed its involvement in the investigation and the operation in two blog posts, one of which was published back in June and the other earlier this week. The researchers write that they helped track both the infrastructure of the botnet and its operators.

Interestingly, just a week ago, Microsoft experts reported on a new Mozi module that helps hackers to interfere with the traffic of infected systems using DNS spoofing and hijacking of HTTP sessions. Netlab Qihoo 360 experts say the module was part of a new Mozi feature set that botnet operators deployed shortly before the arrest, along with a module that installs cryptocurrency miners on infected systems.

First seen in 2019, Mozi grew rapidly. For example, according to Black Lotus Labs, by April 2020 the botnet already included 15,000 infected devices.

Mozi spread on its own: it infected one device and deployed a module on it that used the infected system to search for other devices connected to the Internet, then used exploits against them and brute-forced Telnet passwords. This worm module used more than ten exploits, which was enough for the rapid growth of the botnet.

Mozi also used the DHT protocol to create a P2P network between all infected devices, allowing bots to send updates and work instructions directly to each other, so the botnet could operate without a central control server.

Netlab Qihoo 360 reports that at its peak, the botnet infected up to 160,000 systems a day and in total managed to compromise more than 1,500,000 different devices, more than half of which (830,000) were located in China.

Mozi botnet daily activity

Mozi is now predicted a “slow death”, although the use of DHT and P2P makes this process, and the cleaning of all infected devices, a daunting task.

“The Mozi botnet samples stopped updating a while ago, but this does not mean that the threat from Mozi is gone. Since parts of the botnet that are already spread over the Internet can continue to be infected, new devices are affected every day. In general, we expect that [Mozi] will decrease in size weekly, but may continue to ‘live’ for a long time, like several other botnets that have been shut down by law enforcement in the past,” the experts say.

The Record quoted Radware specialist Daniel Smith as saying that this is not just the case with Mozi. For example, after the Hoaxcall botnet was disabled at the beginning of this year, experts faced a similar technical problem: bots continued to infect new devices for several months after the operation, acting on their own.

Botnet activity

“I expect Mozi to be long too. Since Mozi is a P2P botnet, it is incredibly difficult to destroy it in one fell swoop. Even if the authors are in jail, the botnet can continue to spread and infect new devices, although it will gradually die out as network devices are rebooted, updated or replaced,” says Smith.

Let me remind you that I also wrote that Chinese hackers cover their tracks and remove malware a few days before detection.

Helga Smith

I have been interested in computer science, especially data security and the subject now called “data science”, since my early teens. Before joining the virus removal team as editor-in-chief, I worked as a cybersecurity specialist at several companies, including one of Amazon’s contractors. Another experience: I teach at the universities of Arden and Reading.
