Tag Archive for Botnet

Blockchain is Enabling Malware

Blockchain was going to save the world. Remember the hype? It was going to save the environment and change the world. In a 2018 hype piece Wired listed “187 Things the Blockchain Is Supposed to Fix.” The first item on that 2018 Wired list is “Bots with nefarious intent.”

Well, it is 2023 and Wired’s prediction is wrong. Cybersecurity firm Nozomi Networks is reporting that blockchain is being used to enable malware. Bleeping Computer writes that the security researchers found the Glupteba malware botnet has been resurrected. Glupteba is blockchain-enabled malware that has been targeting Windows devices worldwide since at least 2011.

Blockchain-enabled malware

The San Francisco cybersecurity firm describes Glupteba as blockchain-enabled, modular malware that infects Windows and IoT devices. The malware is distributed through malvertising on pay-per-install (PPI) networks and traffic distribution systems (TDS), which push the malware installer when the victim clicks a weaponized link disguised as free software, videos, or movies. Once installed, the malware mines cryptocurrency, steals user credentials, and deploys proxies on the compromised systems. The proxies are later sold as ‘residential proxies’ to other cybercriminals.

Bitcoin wallet

Glupteba uses the Bitcoin blockchain to evade disruption. The zombies get their updated lists of command-and-control (C2) servers, which they contact for commands, from Bitcoin itself: the infected computers search the public Bitcoin blockchain for transactions tied to wallet addresses owned by the attackers, and from those transactions the zombie clients fetch an AES-encrypted C2 server address.

The malware uses the blockchain strategy to survive takedowns like Google’s December 2021 disruption of the botnet. Google disrupted the blockchain-enabled botnet by obtaining court orders to seize control of its infrastructure and by filing complaints against two Russian operators.

Because blockchain transactions cannot be erased (by design), it is much harder to take the C2 servers out of the bots’ reach: the bots can always read a fresh address from the chain. Furthermore, without the attackers’ Bitcoin private key, law enforcement cannot plant payloads at the controller address to take over or shut down the botnet. Ars has a deeper explanation here.
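The dead-drop mechanism above is something an analyst has to inspect when a botnet publishes its C2 pointers on a public chain: pull the transactions for a known-bad address, find the outputs that carry arbitrary data, and separate human-readable notes from opaque blobs that are candidates for offline decryption and blocklisting. The following is an added example, not code from the original post, Nozomi Networks, or Bleeping Computer. Glupteba’s exact encoding is not described on this page, so the carrier (Bitcoin OP_RETURN outputs) and the text-versus-opaque split are assumptions made for illustration; the transaction outputs are constructed and reference no real wallet.

```python
"""Triage OP_RETURN payloads in Bitcoin transaction outputs.

Added example; not code from the original post, Nozomi Networks, or Bleeping
Computer. The OP_RETURN carrier and the "text vs. opaque" split are
assumptions for illustration. All transaction outputs below are constructed.
"""
import hashlib
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
OP_PUSHDATA4 = 0x4E


@dataclass
class TxOutput:
    value_sats: int
    script_pubkey: bytes  # raw output script as serialized in the transaction


def _read_len(script: bytes, i: int, width: int) -> Tuple[int, int]:
    """Read a little-endian push length of `width` bytes at offset i; return (length, new offset)."""
    if i + width > len(script):
        raise ValueError("truncated OP_PUSHDATA length field")
    return int.from_bytes(script[i:i + width], "little"), i + width


def parse_op_return(script: bytes) -> Optional[bytes]:
    """Return the concatenated data pushed after OP_RETURN, or None for any other script.

    Accepts direct pushes (opcodes 0x01..0x4b) and OP_PUSHDATA1/2/4 and rejects
    anything else, so a malformed or truncated script raises instead of yielding garbage.
    """
    if not script or script[0] != OP_RETURN:
        return None
    i, chunks = 1, []
    while i < len(script):
        op = script[i]
        i += 1
        if 0x01 <= op <= 0x4B:
            n = op
        elif op == OP_PUSHDATA1:
            n, i = _read_len(script, i, 1)
        elif op == OP_PUSHDATA2:
            n, i = _read_len(script, i, 2)
        elif op == OP_PUSHDATA4:
            n, i = _read_len(script, i, 4)
        else:
            raise ValueError(f"unexpected opcode 0x{op:02x} after OP_RETURN")
        if i + n > len(script):
            raise ValueError("push length runs past end of script")
        chunks.append(script[i:i + n])
        i += n
    return b"".join(chunks)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4.5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def triage(outputs: List[TxOutput]):
    """Return (vout index, payload length, entropy, kind) for every OP_RETURN output."""
    rows = []
    for idx, out in enumerate(outputs):
        payload = parse_op_return(out.script_pubkey)
        if payload is None:
            continue
        printable = sum(0x20 <= b < 0x7F for b in payload) / len(payload) if payload else 0.0
        # "opaque" payloads are the ones worth handing to offline decryption / IoC extraction
        kind = "text" if printable > 0.95 else "opaque"
        rows.append((idx, len(payload), round(shannon_entropy(payload), 2), kind))
    return rows


# Constructed sample transaction: an ordinary P2PKH payment, a plain-text note,
# and an 80-byte opaque blob carried with OP_PUSHDATA1 (the shape a dead-drop pointer might take).
P2PKH_SCRIPT = bytes([0x76, 0xA9, 0x14]) + b"\x11" * 20 + bytes([0x88, 0xAC])
NOTE = b"charity drive 2023"
BLOB = b"".join(hashlib.sha256(f"constructed-{k}".encode()).digest() for k in range(3))[:80]
SAMPLE_OUTPUTS = [
    TxOutput(50_000, P2PKH_SCRIPT),
    TxOutput(0, bytes([OP_RETURN, len(NOTE)]) + NOTE),
    TxOutput(0, bytes([OP_RETURN, OP_PUSHDATA1, len(BLOB)]) + BLOB),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_OUTPUTS):
        print("vout=%d len=%d entropy=%.2f kind=%s" % row)
```

The parser is deliberately strict: a script that claims a push longer than the remaining bytes raises rather than returning a partial payload, because a silently truncated blob would fail decryption later with a far less useful error.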

Please remember that the original reason for Bitcoin was that it would do away with the need for trust in people. The assumption appears to be that you can trust the technology – but not people. This malware proves that this is a faulty premise.

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Are You a Human

Detroit-based Are You a Human was recently purchased by Virginia-based Distil Networks. The purchase is part of Distil’s effort to expand its bot-detection capabilities. As part of the acquisition, the Human Tag will be re-branded as Distil Bot Discovery. Distil will open an office in Detroit and increase its presence in Motown. All 10 of Are You a Human’s employees are staying on, according to reports.

The firm’s website describes the Are You a Human technology:

[Are You Human] collects hundreds of fingerprinting metrics and analyzes user’s device, software, and natural behavior to develop robust behavioral metrics on each page view in real-time … Only through an expert understanding of natural human characteristics and behavior is it possible to identify the 99% of non-human traffic caused by new and unique bots that fraud detection and verification systems can’t find

Distil Networks will add Are You a Human’s real-time analysis technology and biometric information to its own suite of bot-detection products and use it to launch a free bot-discovery plugin for Google Analytics. Detecting bots is important because they can inflate website traffic numbers or pose a security risk by searching for sensitive information.

The firm cited the Motor City as being:

… incredibly helpful and supportive to us, and we can’t imagine doing this anywhere else. Being able to build this company in Detroit has been hugely meaningful to all of us, and we’ll still be part of that awesome community going forward.


Bad Passwords Crippled the Web

Followers of the Bach Seat know that passwords suck, and now default passwords really suck. In fact, default passwords seem to be a key part of the massive DDoS attack that disabled large parts of the Internet on October 21, 2016. The cyberattack targeted Internet traffic company Dyn, which provides DNS services for many high-profile sites. Sites affected by the attack on Dyn included Amazon (AMZN), Business Insider, the New York Times, Reddit, and Twitter (TWTR).

Security researcher Brian Krebs, whose site krebsonsecurity.com was one of the first hit by a massive 620 GB/s DDoS attack, has reported that the Mirai botnet was at the center of the attack on his site. CIO.com reports that Mirai can break into a wide range of Internet of Things (IoT) devices, from CCTV cameras to DVRs to home networking equipment, turning them into bots. CIO reports that a single Chinese vendor, Hangzhou Xiongmai Technology, made many of the devices used in the Mirai attacks.

Level 3 Communications says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying to log in to devices with a list of default usernames and passwords baked into the Mirai code, according to US-CERT. The Mirai zombie devices are largely security cameras, DVRs, and home routers. Mr. Krebs identified some of the specific devices:

Mirai Passwords

Username      | Password      | Device / function
------------- | ------------- | ----------------------------------
admin         | 123456        |
root          | 123456        | ACTi IP camera
admin         | password      |
admin1        | password      |
root          | password      |
admin         | 12345         |
root          | 12345         |
guest         | 12345         |
admin         | 1234          |
root          | 1234          |
administrator | 1234          |
888888        | 888888        |
666666        | 666666        | Dahua IP camera
admin         | (none)        |
admin         | 1111          | Xerox printers, etc.
admin         | 1111111       | Samsung IP camera
admin         | 54321         |
admin         | 7ujMko0admin  | Dahua IP camera
admin         | admin         |
admin         | admin1234     |
admin         | meinsm        | Mobotix network camera
admin         | pass          |
admin         | smcadmin      | SMC router
Administrator | admin         |
guest         | guest         |
mother        | fucker        |
root          | (none)        | Vivotek IP camera
root          | 00000000      | Panasonic printers
root          | 1111          |
root          | 54321         | Packet8 VoIP phone
root          | 666666        | Dahua DVR
root          | 7ujMko0admin  | Dahua IP camera
root          | 7ujMko0vizxv  | Dahua IP camera
root          | 888888        | Dahua DVR
root          | admin         | IPX-DDK network camera
root          | anko          | Anko Products DVR
root          | default       |
root          | dreambox      | Dreambox TV receiver
root          | hi3518        | HiSilicon IP camera
root          | ikwb          | Toshiba network camera
root          | juantech      | Guangzhou Juan Optical
root          | jvbzd         | HiSilicon IP camera
root          | klv123        | HiSilicon IP camera
root          | klv1234       | HiSilicon IP camera
root          | pass          |
root          | realtek       | Realtek router
root          | root          |
root          | system        | IQinVision camera, etc.
root          | user          |
root          | vizxv         | Dahua camera
root          | xc3511        | H.264 - Chinese DVR
root          | xmhdipc       | Shenzhen Anran security camera
root          | zlxx.         | EV ZLX two-way speaker
root          | Zte521        | ZTE router
service       | service       |
supervisor    | supervisor    | VideoIQ
support       | support       |
tech          | tech          |
ubnt          | ubnt          | Ubiquiti AirOS router
user          | user          |
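A list like the one above is only useful to a defender if it is actually checked against something: the telnet login attempts hitting the network edge, and the devices sitting in the asset inventory. The following is an added example, not code from the original post, Krebs on Security, or US-CERT. It takes a subset of the Mirai username/password pairs from the table and runs two checks over constructed input: a handful of telnet authentication log lines in an assumed honeypot-style format (the format is an assumption for this example), looking for a single source cycling through the Mirai list or succeeding with one of its credentials, and a small device inventory, looking for devices still configured with one of those defaults.

```python
"""Spot Mirai-style default-credential scans and leftover default logins.

Added example; not code from the original post, Krebs on Security, or US-CERT.
The log format is an assumption; the log lines and inventory are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# Subset of the hard-coded Mirai credential list (username, password); "" stands for (none).
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"), ("user", "user"),
    ("admin", ""), ("root", "pass"), ("admin", "admin1234"), ("root", "1111"),
    ("admin", "smcadmin"), ("root", "666666"), ("root", "password"), ("root", "1234"),
    ("ubnt", "ubnt"), ("root", "Zte521"), ("root", "hi3518"), ("root", "7ujMko0vizxv"),
}
TELNET_PORTS = {23, 2323}

# Assumed log format (constructed for this example):
#   2016-10-21T11:02:13Z src=198.51.100.7 dport=23 user=root pass=xc3511 result=fail
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<res>\w+)$"
)

Event = Tuple[datetime, str, int, str, str, str]


def parse_log(lines: Iterable[str]) -> List[Event]:
    """Parse log lines; malformed lines are skipped so one bad line does not abort the sweep."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], int(m["dport"]), m["user"], m["pw"], m["res"]))
    return events


def detect_mirai_scanners(lines: Iterable[str], window_s: int = 60, threshold: int = 3) -> Dict[str, dict]:
    """Flag sources that try >= threshold distinct Mirai credentials on telnet within window_s
    seconds, or that log in successfully with any Mirai credential (one success is enough)."""
    by_src: Dict[str, list] = defaultdict(list)
    for ts, src, dport, user, pw, res in parse_log(lines):
        if dport in TELNET_PORTS and (user, pw) in MIRAI_DEFAULTS:
            by_src[src].append((ts, (user, pw), res == "ok"))
    window = timedelta(seconds=window_s)
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort(key=lambda a: a[0])
        best = 0
        for i, (t0, _, _) in enumerate(attempts):
            # distinct credentials tried in the window that starts at attempt i
            creds = {c for t, c, _ in attempts[i:] if t - t0 <= window}
            best = max(best, len(creds))
        succeeded = any(ok for _, _, ok in attempts)
        if best >= threshold or succeeded:
            flagged[src] = {"distinct_mirai_creds": best, "default_login_succeeded": succeeded}
    return flagged


def audit_inventory(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Return device names whose configured (username, password) is on the Mirai list."""
    return [name for name, user, pw in inventory if (user, pw) in MIRAI_DEFAULTS]


# Constructed sample data.
SAMPLE_LOG = """\
2016-10-21T11:02:13Z src=198.51.100.7 dport=23 user=root pass=xc3511 result=fail
2016-10-21T11:02:14Z src=198.51.100.7 dport=23 user=root pass=vizxv result=fail
2016-10-21T11:02:16Z src=198.51.100.7 dport=23 user=admin pass=admin result=fail
2016-10-21T11:02:17Z src=198.51.100.7 dport=2323 user=root pass=888888 result=fail
2016-10-21T11:02:19Z src=198.51.100.7 dport=23 user=root pass=xmhdipc result=fail
2016-10-21T11:02:40Z src=203.0.113.9 dport=22 user=alice pass=Correct-Horse-9 result=fail
2016-10-21T11:03:05Z src=192.0.2.5 dport=23 user=root pass=vizxv result=ok
this line is not in the expected format and is skipped
""".splitlines()

SAMPLE_INVENTORY = [
    ("lobby-cam-01", "root", "xc3511"),
    ("core-rtr-01", "netops", "long-unique-passphrase-here"),
    ("dvr-02", "admin", "admin"),
]

if __name__ == "__main__":
    for src, info in detect_mirai_scanners(SAMPLE_LOG).items():
        print(src, info)
    print("devices on default credentials:", audit_inventory(SAMPLE_INVENTORY))
```

The successful-login rule is the important one: a source that cycles through five defaults in six seconds is a scanner you block, but a single `result=ok` against a Mirai credential means a device on your network is already owned and needs to be pulled and re-provisioned, which is why the audit step exists alongside the log check.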

US-CERT says the purported author of Mirai claims to have 380,000 IoT devices under its control. Some estimate the botnet has generated DDoS attacks of greater than 1 Tbps.

When Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, DNS, GRE, SYN, UDP and Simple Text Oriented Message Protocol (STOMP) floods, says Josh Shaul, vice president of web security for Akamai.

Followers of Bach Seat already know that many of the default passwords used by Mirai are among the worst and should have been changed already. They include:

  • Password
  • 123456
  • 12345
  • 1234

While reports say Chinese vendor XiongMai Technologies’ equipment was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from Xerox (XRX), Toshiba (TOSBF), Samsung (005930), Panasonic (6752), and ZTE (763).

I wrote about security cameras being compromised as part of botnets back in July here.

 


Chatbots Taking Over Politics

Mercifully, the 2016 U.S. election cycle is coming to an end. Most people are talking about how terrible all the candidates are. We don’t care anymore; both candidates suck. The political conversation online is even worse. Political conversation online is more hateful because most of the politics on social media outlets like Facebook or Twitter comes from chatbots.

Researchers say that most election tweets come from political chatbots. Chatbots are computer programs that simulate human conversation or chat through artificial intelligence. Political chatbots engage with other users about politics, especially on Twitter (TWTR) and Facebook (FB).

Chatbots are rooting for Trump.

Recode reports that chatbots for both sides are pushing their candidates hard. According to a paper released by Oxford University’s Project on Computational Propaganda, Republican bots are out-tweeting Democratic chatbots on the Web.

The researchers found that most bots root for Trump to win the election. During the third presidential “debate,” Twitter bots sharing pro-Trump-related content outnumbered pro-Clinton bots by 7 to 1. Between the first and second debates, bots generated more than 33% of pro-Trump tweets, compared with 20% for pro-Clinton tweets.

Twitter bot

The Oxford team explains that a Twitter bot is software that runs an account automatically and acts independently. Bots can retweet, like, and reply to tweets. They can also follow accounts and tweet themselves.

The researchers found that Twitter accounts with extremely high levels of automation, meaning they tweeted over 200 times during the data collection period (Oct. 19-22) with a debate-related hashtag or candidate mention, accounted for nearly 25% of Twitter traffic surrounding the last debate.

The problem with the outpouring of automated engagement on Twitter is that campaigns often measure success (and decide where and how to invest in further outreach) by counting these retweets, likes, replies, and mentions.

Chatbots can give issues unwarranted clout.

The article states that it is hard to tell how many retweets and likes are from real supporters. A proliferation of chatbots can give candidates and issues unwarranted clout. Throughout the race, Trump has discounted the value of polls. They’re rigged, he says. Instead, his campaign implores Americans to reference how viral he is on social media and the size of his rallies.

The third debate came on the heels of the leaked tape of Trump bragging about sexually assaulting women, which went viral. The article speculated that Trump’s uptick in automated Twitter fandom during the debate may have been intended to counteract the lingering outrage against the candidate on social media.

Increasingly, journalists use Twitter to report stories and prove public interest. They believe it’s an excellent way to bring audience voices into a political discussion, though more voices don’t always make for a better conversation. The author warns that much of the engagement numbers aren’t from real people, which is also a sobering reminder that virality is no demonstration of genuineness.

Automated fake profiles that look real

Donald Trump likes to boast that he’s more popular than Hillary Clinton on social media. After all, he has 12.9 million Twitter followers, while Clinton lags behind with a mere 10.1 million. But it’s hard to say how much those numbers mean if many of them represent robots. Sam Woolley, a researcher at the University of Washington who studies the political use of social media bots, told Revelist “… that well over half of his [Trump] followers are automated, fake profiles made to look like real people.”

Mr. Howard told CNN: “The takeaway is that we should be skeptical about social media … Politicians use bots to influence debate; it’s often a form of negative campaigning because in many cases these bots can be very vicious.”

Filippo Menczer, a computer scientist at Indiana University’s School of Informatics and Computing, said botnets have been deployed in many countries to squelch dissent. “We’ve seen examples in other countries – in Russia, Iran, and Mexico – of bots used to destroy social movements. They would impede conversations. All of a sudden, you would see hundreds of thousands of junk tweets flooding your feed.”

Notice the Trump – Russia tie.

This is one of the risks of automating work with bots, which I wrote about here. The pro-Trump bots keep counting on themselves to skew their total numbers up and bury the discussion points from actual voters under the avalanche of bot chat.

Watch out—it won’t be long before chatbots are granted rights under dubious SCOTUS rulings like Citizens United.


TLA Does Good?

ZDNet reports that in the last batch of Snowden documents there may finally be some evidence that some TLAs were doing some good: they spied on criminals too. Apparently one Snowden document boasts of how “criminals” can be found through a TLA program.

Using this program, TLAs can identify cyber attackers. ZDNet says that malicious users causing a “distributed denial-of-service” or DDoS attack, where a group of people overload a server or network with a flood of network traffic, can be traced and identified. The TLA also used its program to troll online criminal forums.

Unfortunately, for law-abiding U.S. citizens, none of the Snowden documents to date have shown that the info collected on criminals was used to stop cyber attacks or was passed on to law enforcement to take action.
