KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service
Dec 20, 2022
Server Security / Cyber Attacks
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM , which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as luxury brands and security firms. KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service (DDoS) attacks. However, a lack of an error-checking mechanism in the malware source code caused the criminal operators to inadvertently crash their own botnet last month. "Based on observed IPs and domains, the majority of the victims are located in Asia, North America, and Europe," Akamai researchers Larry W. Cashdollar and Allen West said .