A Botnet called “Bondnet” compromised more than 15,000 machine including Thousands of Windows servers and control all its Activities Remotely and recent Discover stats that “Bondnet” Suspect for mine different cryptocurrencies.
Bondnet Botnet performance seems highly sophisticated and everyday more than 2000 Compromised Machines which equals to 12,000 cores reports to Bondnet Command & Control Server (C&C Server) and performing DDOS Attack.
This Botnet Attack victim machines by using different type of public exploits and installs a Windows Management Interface (WMI) Trojan communicates with a Command and Control (C&C) server under the name of Bond007.01 operation.
This Botnet Attack performing Mostly for Financial Motivation and earning thousands of $ each and every day According to Guardicore Report.
Bondnet Botnet Flow (Source :GuardiCore)
According to GuardiCore Report Compromised Servers all are Windows Servers including “Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 ,Windows Server 2012 R2”
Researchers Said ,While most victims are used for mining, other victims are used to conduct attacks, serve up malware files or host the C&C servers. The attacker uses the compromised machines to expand the botnet attacking infrastructure, hiding these machines among legitimate servers.Basic Indication of all these attacks using Visual basic files download and install cryptocurrency miner and a remote access trojan (RAT) .
GuardiCore Stats uncovered include known phpMyAdmin configuration bugs, exploits in JBoss, Oracle Web Application Testing Suite, ElasticSearch, MSSQL servers, Apache Tomcat, Oracle Weblogic and other common services.“According to the Infection report, 500 new machines are added daily to the attacker’s network and around the same number of machines is delisted and Bondnet victims are distributed across 141 countries in 6 continents .”
Most of the Victims are used for mine different cryptocurrencies and serve up malware files or host the C&C servers.
By hiding these machines among legitimate servers the attacker uses the compromised machines to expand the botnet attacking infrastructure, hiding these machines among legitimate servers.
A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security.…
Microsoft has released an urgent patch for Office 2016 to address a critical issue causing…
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been…
AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers, suspected…
AI has recently been added to the list of things that keep cybersecurity leaders awake.…
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over…
View Comments
Clever name for a botnet!
Guardicore did a good summary of the threat posed by zombie botnet armies – and this is why it’s important people take precautions (from DDoS mitigation, WAFs, and basic security readiness) to try to keep botnets away. How did people download the exploit?