Syntax error breaks KmsdBot cryptomining botnet

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


A syntax error broke an otherwise advanced cryptomining botnet called KmsdBot.

The malware, which could also be used for distributed denial-of-service (DDoS) attacks, was discovered by Akamai Security Research.

Akamai’s researchers witnessed the authors “accidentally crash” KmsdBot: they observed that the malware stopped sending attack commands after receiving:

!bigdata www.bitcoin.com443 / 30 3 3 100 

The lack of a space between the website and the port was enough to break the malware as it didn’t have error-checking built into its code.
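The failure class described here, shown as an added Go example (not KmsdBot's code and not from Akamai): a handler that indexes whitespace-split fields without checking their count, next to one that validates first. The eight-field layout, the field meanings and both function names are assumptions; the page does not describe the exact failure inside the malware.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseUnchecked indexes the split fields without checking how many there are.
// The recover exists only so this demo can report the panic; without it the
// out-of-range index would terminate the whole process.
func parseUnchecked(line string) (last string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	f := strings.Fields(line)
	return f[7], nil
}

// parseChecked validates the field count and the port before using any field.
// The 8-field layout and the meaning of each field are assumptions.
func parseChecked(line string) (host string, port int, err error) {
	f := strings.Fields(line)
	if len(f) != 8 {
		return "", 0, fmt.Errorf("want 8 fields, got %d", len(f))
	}
	port, err = strconv.Atoi(f[2])
	if err != nil || port < 1 || port > 65535 {
		return "", 0, fmt.Errorf("invalid port %q", f[2])
	}
	for _, s := range f[4:] {
		if _, convErr := strconv.Atoi(s); convErr != nil {
			return "", 0, fmt.Errorf("invalid numeric field %q", s)
		}
	}
	return f[1], port, nil
}

func main() {
	for _, line := range []string{
		"!bigdata www.bitcoin.com 443 / 30 3 3 100", // constructed: space restored
		"!bigdata www.bitcoin.com443 / 30 3 3 100",  // as quoted in the article
	} {
		_, uerr := parseUnchecked(line)
		host, port, cerr := parseChecked(line)
		fmt.Printf("%q\n  unchecked: %v\n  checked: %s:%d err=%v\n", line, uerr, host, port, cerr)
	}
}
```

The same length-and-range check applies to any line-oriented network service: one malformed line should produce an error for that request, not end the process.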

“This malformed command likely crashed all the botnet code that was running on infected machines and talking to the C2 — essentially, killing the botnet,” explained Larry Cashdollar, Senior Security Response Engineer at Akamai.

“Because the bot doesn’t have any functionality for persistence on an infected machine, the only way to recover is to re-infect and rebuild the botnet from scratch.”

The malware could have caused serious headaches were it not for the simple mistake: it was written in Golang, which makes it difficult to reverse-engineer; it doesn’t stay persistent on an infected system, to avoid detection; it supports multiple architectures; and it targets various industries.

According to Cashdollar, almost all of the activity that Akamai associated with KmsdBot has now ceased. However, the authors will likely attempt to reinfect systems, so it’s more important than ever to stay on your guard and maintain good security practices.
