One of 1st-known Android DDoS malware infects phones in 100 countries

One of 1st-known Android DDoS malware infects phones in 100 countries


Last year, a series of record-setting attacks hitting sites including KrebsOnSecurity and a French Web host underscored a new threat that had previously gone overlooked: millions of Internet-connected digital video recorders and similar devices that could easily be wrangled into botnets that challenged the resources of even large security services.
Now, for one of the first times, researchers are reporting a new platform recently used to wage powerful denial-of-service attacks that were distributed among hundreds of thousands of poorly secured devices: Google’s Android operating system for phones and tablets. The botnet was made up of some 300 apps available in the official Google Play market. Once installed, they surreptitiously conscripted devices into a malicious network that sent junk traffic to certain websites with the goal of causing them to go offline or become unresponsive.
At its height, the WireX botnet controlled more than 120,000 IP addresses located in 100 countries. The junk traffic came in the form of HTTP requests that were directed at specific sites, many of which received notes ahead of time warning of the attacks unless operators paid ransoms. By spreading the attacks among so many phones all over the world and hiding them inside common Web requests, the attackers made it hard for the companies that defend against DDoS attacks to initially figure out how they worked. The attacks bombarded targets with as many as 20,000 HTTP requests per second in an attempt to exhaust server resources.

Submitted by: Arnfried Walbrecht


Comments are closed.