Saturday, October 5, 2024
HomeCyber CrimeNew DDoS IRC Bot Spreads Through Korean WebHard

New DDoS IRC Bot Spreads Through Korean WebHard

A GoLang-programmed IRC (Internet Relay Chat) bot strain is being used to perform distributed denial-of-service (DDoS) attacks against Korean users.

Researchers at AhnLab’s Security Emergency-response Center (ASEC) revealed in a new paper issued on Wednesday that the virus is being distributed under the appearance of adult games. “In addition, the DDoS malware was downloaded and the UDP RAT was employed.”

The Attack Strategy

The virus is being distributed by the attackers using file-sharing websites such as Korean WebHards, according to researchers.

  • First, the malware-infected games are compressed ZIP packages and posted to webhards (a type of remote file storage service).
  • Secondly, when the game is launched, an executable (Game Open[.]exe) is staged to run a malware payload while the game is launched.
  • This payload, a GoLang-based downloader, connects to a remote command-and-control (C&C) server to download more malware, including a DDoS-attacking IRC bot.
  • “It’s a sort of DDoS Bot malware, but it communicates with the C&C server using IRC protocols,” the researchers explained. “Unlike UDP Rat, which only supported UDP Flooding assaults, Slowloris, Goldeneye, and Hulk DDoS attacks are all supported.”

 

According to the experts, GoLang’s minimal development costs and cross-platform capabilities have made it a popular choice among threat actors.

 

“The malware is actively transmitted via file-sharing websites such as Korean webhards,” according to AhnLab. “As a result, using executables downloaded from a file-sharing website with caution is suggested. It is recommended that customers obtain products from the developers’ official websites.”

What Is The Mechanism Behind It?

  • The DDoS IRC bot is installed using a GoLang downloader, UDP RAT, and a publicly available open-source Simple-IRC-Botnet.
  • The malware communicates with the C2 server using IRC protocols. While operating, it connects to a specified IRC server and enters the attacker’s channel. If directives are sent through the channel, it can launch DDoS assaults against a target.
  • While the UDP RAT just enables UDP Flooding assaults, this one also supports Hulk DDoS, Slowloris, and Goldeneye attacks.

Conclusion

The DDoS IRC bot is brand new and not frequently used yet. It is, however, still being aggressively propagated on Korean webhards, indicating a specific target group of potential victims. When downloading files from a file-sharing website, it is essential to be cautious and only use official sources.

David Scott
David Scott
Digital Marketing Specialist .
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with ssyoutube.com
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us