Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

The United States seizes $ 7.74 million with a crystallian -related IT workers of North Korea

June 16, 2025

Anubis Ransomware encrypts files and napkins, making recovery impossible even after payment

June 16, 2025

Turning Cybersecurity Practice into Mrr Machine

June 16, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » The new Gorilla botnet launched more than 300,000 DDoS attacks in 100 countries
Global Security

The new Gorilla botnet launched more than 300,000 DDoS attacks in 100 countries

AdminBy AdminOctober 7, 2024No Comments2 Mins Read
Gorilla Botnet
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


October 7, 2024Ravi LakshmananIoT Security / Botnet

The Gorilla botnet

Cybersecurity researchers have discovered a new family of botnet malware called Gorilla (aka GorillaBot) that is a leak variant Mirai botnet source code.

Cybersecurity firm NSFOCUS, which discovered the activity last month, said botnet “issued more than 300,000 attack commands with shocking attack density” between September 4 and 27, 2024. Each day, at least 20,000 commands designed to carry out distributed denial-of-service (DDoS) attacks come from the botnet. on average.

Cyber ​​security

The botnet is said to have targeted more than 100 countries, attacking universities, government websites, telecommunications, banking, gaming and gambling sectors. China, USA, Canada and Germany became the most attacked countries.

The Beijing-headquartered company said it mainly uses Gorilla UDP floodACK BYPASS flood, Valve Source Engine (VSE) flooding., SYN floodand ACK flood conduct DDoS attacks by adding connectionless nature of the UDP protocol allows arbitrary spoofing of IP addresses to generate large amounts of traffic.

In addition to supporting multiple processor architectures such as ARM, MIPS, x86_64, and x86, the botnet provides the ability to connect to one of five predefined Command and Control (C2) servers to await DDoS commands.

In an interesting twist, the malware also embeds functionality to exploit a security flaw in Apache Hadoop YARN RPC to achieve remote code execution. It should be noted that the deficiency was abused in the wild as early as 2021, according to reports Alibaba Cloud and Trend Micro.

Host persistence is achieved by creating a service file called custom.service in the “/etc/systemd/system/” directory and setting it to start automatically every time the system starts.

Cyber ​​security

The service, for its part, is responsible for loading and executing a shell script (“lol.sh”) from the remote server (“pen.gorillafirewall(.)su”). Similar commands are also added to the “/etc/inittab”, “/etc/profile” and “/boot/bootcmd” files to load and run the shell script at system startup or user login.

“He introduced various DDoS attack techniques and used encryption algorithms commonly used in Keksec group to hide key information while simultaneously using multiple methods to maintain long-term control over IoT devices and cloud hosts, demonstrating a high level of counter-detection awareness as a new family of botnets,” NSFOCUS said.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

The United States seizes $ 7.74 million with a crystallian -related IT workers of North Korea

June 16, 2025

Anubis Ransomware encrypts files and napkins, making recovery impossible even after payment

June 16, 2025

Turning Cybersecurity Practice into Mrr Machine

June 16, 2025

Malicious Pypi Masquerade Package as chimera module for theft Aws, CI/CD and MacOS

June 16, 2025

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

The United States seizes $ 7.74 million with a crystallian -related IT workers of North Korea

June 16, 2025

Anubis Ransomware encrypts files and napkins, making recovery impossible even after payment

June 16, 2025

Turning Cybersecurity Practice into Mrr Machine

June 16, 2025

Malicious Pypi Masquerade Package as chimera module for theft Aws, CI/CD and MacOS

June 16, 2025

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025

Transition from Monitoring Alert to Risk Measurement

June 13, 2025

Band

June 13, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

The United States seizes $ 7.74 million with a crystallian -related IT workers of North Korea

June 16, 2025

Anubis Ransomware encrypts files and napkins, making recovery impossible even after payment

June 16, 2025

Turning Cybersecurity Practice into Mrr Machine

June 16, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.