April 28, 2020
By David Bisson 2 min read

Security researchers discovered that the new LeetHozer botnet shares some attack resources with the Moobot malware family.

The Network Research Lab at 360 found that the LeetHozer botnet had borrowed from the reporter and loader mechanism employed by Mirai. But this threat differed from other Mirai variations in that it made significant changes to the encryption method, bot program and command-and-control (C&C) communication protocol. It also employed the same downloader as well as a unique string in its vulnerability exploitation efforts as Moobot. In response to this observation, researchers posited that LeetHozer likely originated from the same organization or attacker responsible for creating Moobot.

The researchers found that the botnet began by exploiting a vulnerability to start the telnetd service in a targeted device. It then used the default password to log into the device. Upon completing this infection process, LeetHozer sent the device’s information to its reporter mechanism, reached out to its C&C server and waited for instructions to begin conducting a distributed denial-of-service (DDoS) attack.

A Look at Moobot’s Emergence

Moobot has been involved in various attack campaigns since its discovery by the Network Research Lab at 360 in September 2019. In March 2020, for instance, the security firm’s detection systems flagged various threat groups abusing zero-day vulnerabilities in LILIN DVR devices to distribute the malware. It was just a month later when the researchers at 360 revealed that they had spotted Moobot abusing another zero-day security flaw as part of its exploit attempts to target fiber routers.

Defend Against the LeetHozer Botnet’s DDoS Attacks

Security professionals can help their organizations defend against DDoS attacks launched by the LeetHozer botnet and other threats like it by developing a robust incident response plan. They can then use this strategy to ensure that their organization’s backup services start up when an attack begins targeting the network. In addition, they should use solutions powered by artificial intelligence (AI) to help determine when an attack is underway.

 |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...

More from

Intelligence & Analytics   March 30, 2023

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

Software Vulnerabilities   March 30, 2023

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and organizations should still devote efforts to patching zero days once a patch is released, there are characteristics of certain…

Intelligence & Analytics   March 30, 2023

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

News   March 29, 2023

Hack-for-Hire Groups May Be the New Face of Cybercrime

Google’s Threat Analysis Group (TAG) recently released a report about growing hack-for-hire activity. In contrast to Malware-as-a-Service (MaaS), hack-for-hire firms conduct sophisticated, hands-on attacks. They target a wide range of users and exploit known security flaws when executing their campaigns. “We have seen hack-for-hire groups target human rights and political activists, journalists and other high-risk users around the world, putting their privacy, safety and security at risk,” Google TAG says. “They also conduct corporate espionage, handily obscuring their clients’ role.”…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature