#kmsdbot — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #kmsdbot, aggregated by home.social.
-
This latest version of KmsdBot has been observed since July 16, 2023, indicating active maintenance and ongoing effectiveness in real-world attacks.
-
Y'all remember #KmsdBot @larry has been working on? the cryptomining botnet that landed on one of our honeypots earlier this year?
Part three is live now, this time discussing attack traffic. The highlights:
🟠 we believe it's DDoS for hire
🔵 victims are mostly in Asia, North America, and Europe
🟠there's an interesting lack of activity in Russia and surrounding territories possibly pointing to the origins
🔵 two notable targets for FiveM and RedM, (gaming mods for GTA V and RDR2) which can tell us a lot about who its customers are.https://www.akamai.com/blog/security-research/kmsdbot-part-three-examining-attack-traffic
#research #security #infosec #cybersec #botnets #cryptominers
-
I can't seem to stop re-reading this, it's just too good.
Botnet author failed to trap exceptions, then made a typo in commands sent from their C2, crashing their non-persistent bot daemon and so taking down their own #BotNet
Pure gold...
https://www.theregister.com/2022/12/06/botnet_kmsdbot_typo_code/
-
Syntax errors are the doom of us all, including botnet authors - Enlarge / If you're going to come at port 443, you best not miss (or fo... - https://arstechnica.com/?p=1902139 #cryptomining #syntaxerror #security #kmsdbot #biz&it #akamai #botnet #ddos
-
l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm
Wie ein Typo kriminellen Machenschaften das Handwerk legt.
-
l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm
l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm -
New #Linux #malware geared toward #embedded targets: #kmsdbot - https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware
Here's the cool thing: If you are using https://github.com/chainguard-dev/osquery-defense-kit - you can already detect an attack without any updates. At a minimum, the following alerts should fire:
- unexpected-dev-entries
- unexpected-dev-executables
- unexpected-exec-dir
- sketchy-fetchers
- unexpected-executable-permissions
- unexpected-talkers