Sunday, June 7, 04:07

Dark_nexus: The new powerful botnet that stands out from other malware

A new botnet has come to the fore, and it appears to be even more threatening than Mirai and Qbot. Security researchers at Bitdefender revealed that the new botnet, called Dark_nexus, has certain features and properties that make it stand out from other modern malware botnets.

But what are botnets?
The term "botnet" comes from the words robot and network. A botnet is a network of computers, IoT (Internet of Things) products and mobile devices that have been infected with malware by hackers. Botnets can be used for DDoS attacks, spam email distribution, the spread of viruses, data theft and other malicious activities.

Dark_nexus, so named because of the strings in its banner, has some things in common with Mirai and Qbot, but most of its features are original. For example, the way some of its modules were developed makes it much more powerful, according to Bitdefender. Dark_nexus is a botnet that has been active for three months, and three versions have been released so far. In addition, honeypots have revealed that there are at least 1,372 bots connected to the botnet, most of which are located in China, the Republic of Korea, Thailand and Brazil.

To compromise a device, the botnet uses credential data and exploits flaws. It also uses two modules, one synchronous and one asynchronous, both of which use the telnet protocol and predefined lists of credentials to gain access to the targeted device. In addition, the malware attempts to hide its activity by renaming itself to /bin/busybox. The botnet has a payload that can be adapted to 12 different CPU architectures and is delivered according to the configuration of the victim's device. It also connects to two command-and-control (C2) servers and to a report server, which receives reports on vulnerable services that contain both IP addresses and port numbers.

The attacks carried out by this botnet are generally commonplace, with one exception: the browser_http_req command. Bitdefender points out that this element is "extremely complex and configurable" and "tries to disguise the traffic, presenting it as harmless traffic that could have been created by a browser".

Another interesting feature is the attempt to prevent a device from restarting. The cron service is compromised and stopped, and the functions needed to restart a device cannot be performed. It is worth noting that the botnet developer is presumed to be Greek. Finally, the researchers found socks5 proxies in some variants of the malware, a feature also found in botnets such as Mirai, TheMoon and Gwmndy, and they are still tracking the botnet's evolution.
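
The /bin/busybox disguise described above can be checked for on a Linux host. The following is an added example, not code from the original article or from Bitdefender. It assumes the disguise shows up in the process name (argv[0]) while `/proc/<pid>/exe` still points at the real file; the list of trusted busybox paths is also an assumption to adjust per device.

```python
import os

# Assumption: paths where a legitimate busybox binary lives on this system.
TRUSTED_BUSYBOX = {"/bin/busybox", "/usr/bin/busybox", "/sbin/busybox"}

def read_argv0(proc_root, pid):
    """Return argv[0] of a process, or None if unreadable or empty."""
    try:
        with open(os.path.join(proc_root, pid, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return None
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace") or None

def find_busybox_masquerade(proc_root="/proc", trusted=TRUSTED_BUSYBOX):
    """Flag processes that claim to be busybox but run from another file."""
    findings = []
    pids = sorted(filter(str.isdigit, os.listdir(proc_root)), key=int)
    for pid in pids:
        argv0 = read_argv0(proc_root, pid)
        if argv0 is None or os.path.basename(argv0) != "busybox":
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, pid, "exe"))
        except OSError:
            continue  # no permission, or the process already exited
        # The kernel appends " (deleted)" when the binary was unlinked after exec.
        deleted = exe.endswith(" (deleted)")
        if deleted or exe not in trusted:
            findings.append({"pid": int(pid), "argv0": argv0,
                             "exe": exe, "deleted": deleted})
    return findings

if __name__ == "__main__":
    for hit in find_busybox_masquerade():
        print(f"suspicious pid={hit['pid']} argv0={hit['argv0']} exe={hit['exe']}")
```

Run it as root so that `/proc/<pid>/exe` is readable for every process. A hit is a lead to investigate, not proof of infection, since a busybox binary replaced during an update also shows up as deleted.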

