Abcbot Botnet Focuses on DDoS Attacks

Google's Go language is quickly being adopted by many malware developers, and it seems that botnet operators are following the same pattern. In recent news, the BotenaGo Botnet goes after Internet-of-Things devices that are vulnerable to specific exploits. However, this is not the only Go-based botnet currently active: the Abcbot Botnet is also worth a mention. This new project was identified by security researchers at the beginning of November. It seems to specialize in flexible distributed-denial-of-service attacks that could knock servers, services, and other Internet-connected applications offline.

Abcbot Botnet Exploits Devices Through Weak Passwords

The malware targets a wide range of cloud-based services, and the operators are looking for systems protected by weak passwords. Infected devices proceed to scan the Internet for other vulnerable systems, thereby increasing the speed of the Abcbot Botnet's propagation. Currently, the threat seeks weak passwords in SSH, FTP, Redis, MSSQL, Mongo, and PostgreSQL. In addition to this, it also exploits an older WebLogic vulnerability that may be found in unpatched services.

The botnet does not boast many features apart from the DDoS functionality. It is able to automatically update its payload, enabling the criminals behind the operation to easily introduce new features, or modify the command-and-control server and other configuration.

The researchers tracking the development of the project report that the Abcbot Botnet's operators seem to be switching between various strategies and technologies. For example, the initial version of the DDoS feature was barely functional, and it was replaced by a more elaborate version in just a few weeks. It is very likely that the creators of the botnet will continue to push updates and improvements to enhance the operation's functionality.

Staying safe from the Abcbot Botnet is easy when you know how the criminals are handpicking their targets. Make sure that all Internet-facing services and applications are protected with secure login credentials. Also check regularly for pending firmware updates and security patches that can fix vulnerabilities.
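As an added illustration of the credential advice above (this is not code from the article or from the researchers it cites), the following Python sketch audits configuration text for three of the services the botnet targets and flags settings that leave them open to password guessing. The sample configurations are constructed, and the checks cover only a small subset of the real `sshd_config`, `redis.conf` and `pg_hba.conf` directives.

```python
# Constructed sample configs (not from a real host) for three of the
# services named in the article: SSH, Redis and PostgreSQL.
SSHD = "PermitRootLogin yes\nPasswordAuthentication yes\n"
REDIS = "bind 0.0.0.0\nprotected-mode no\n# requirepass changeme\n"
PG_HBA = ("host all all 127.0.0.1/32 trust\n"
          "host all all 0.0.0.0/0 trust\n"
          "host all all 10.0.0.0/8 scram-sha-256\n")

def directives(text):
    """Yield the whitespace-split fields of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def audit_sshd(text):
    cfg = {}
    for key, *val in directives(text):
        cfg.setdefault(key.lower(), " ".join(val).lower())  # sshd: first value wins
    out = []
    if cfg.get("passwordauthentication", "yes") == "yes":  # OpenSSH default is yes
        out.append("ssh: password logins enabled")
    if cfg.get("permitrootlogin") == "yes":
        out.append("ssh: root password login allowed")
    return out

def audit_redis(text):
    cfg = {key.lower(): val for key, *val in directives(text)}  # redis: last value wins
    out = []
    if not cfg.get("requirepass"):
        out.append("redis: no requirepass set")
    # No bind directive means all interfaces; a leading "-" only marks an optional address.
    exposed = {a.lstrip("-") for a in cfg.get("bind", ["*"])} - {"127.0.0.1", "::1"}
    if exposed and cfg.get("protected-mode") == ["no"]:
        out.append("redis: protected-mode off on a non-loopback bind")
    return out

def audit_pg_hba(text):
    out = []
    for f in directives(text):
        # host lines: TYPE DATABASE USER ADDRESS [MASK] METHOD [options]
        if (f[0].startswith("host") and "trust" in f[4:]
                and f[3] not in ("127.0.0.1/32", "::1/128")):
            out.append(f"postgresql: trust auth for {f[3]}")
    return out

def audit_all():
    return audit_sshd(SSHD) + audit_redis(REDIS) + audit_pg_hba(PG_HBA)

if __name__ == "__main__":
    print("\n".join(audit_all()))
```

Each function takes the configuration file's text, so the same checks can be run against files collected from real hosts.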

By Ruik
November 12, 2021