AESDDoS Botnet Description
The AESDDoS Botnet is a decentralized Trojan network that can use your PC for mining cryptocurrency, launching DDoS attacks, or executing code for other attacks. Some of its installation exploits abuse vulnerabilities in the Confluence workplace productivity software. Users should, where applicable, update their version of Confluence and rely on their anti-malware tools to remove the AESDDoS Botnet's Trojan.
A Confluence of Trojans and Software Weaknesses
A vulnerability in Atlassian's Confluence Server product, publicized in April, is in use in two criminal campaigns: one uses the opening to take files hostage, and the other uses it to hijack the exposed hardware for attacks directed at external targets. Between the file-locker Trojan of the GandCrab Ransomware and the AESDDoS Botnet, Confluence users have significantly more to worry about than they did in March.
Both of these threats use CVE-2019-3396, an issue in the Widget Connector that facilitates remote code execution for launching various attacks, although both Trojans have used other infection techniques in the past. Unlike GandCrab Ransomware, the AESDDoS Botnet includes a payload that primarily hijacks hardware for attacking targets elsewhere. Features that malware analysts can corroborate include an exhaustive array of Distributed Denial-of-Service options (including UDP, SYN, and TCP floods) and cryptocurrency mining that generates money for the threat actor's wallet.
The AESDDoS Botnet also gathers system information, such as statistics about the processor and other hardware, and uploads it to the threat actor, who may use it for exploiting other vulnerabilities or deciding on a future course of action. Since it accepts multiple shell commands, and some variants modify additional files, the AESDDoS Botnet also has the potential for other attacks.
Patching Yourself Out of Trojan Tribulations
Atlassian is providing an update for the vulnerable software that closes the issue to exploitation by a remote attacker. Users of Confluence before version 6.15.1 should update their software immediately. At the same time, however, malware experts expect that future attacks deploying the AESDDoS Botnet's 'bots' will use other methods, which can include spam e-mails, zero-day vulnerabilities or brute-force attacks.
The AESDDoS Botnet is receiving updates that modify its features, including some improvements that may increase the scope of harm that it can do to compromised systems. These latest changes include modifying files that, usually, only system admins would have access to, as well as a new persistence method that inserts the Trojan's execution into the system reboot command.
While it has some capacity for creating symptoms, an AESDDoS Botnet infection doesn't inherently produce visible evidence of its attacks, apart from minor indicators of compromise such as its network traffic. Users should protect themselves by employing compatible anti-malware programs for Linux environments that will delete an AESDDoS Botnet's bot on sight.
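Because network traffic is the main indicator mentioned above, the following added example (not from the original page or from any vendor tool) shows how a defender could flag internal hosts emitting outbound SYN, TCP or UDP floods from flow records. The record format, address range, window size and thresholds are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# All values below are assumptions for illustration, not taken from the page.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # monitored server range
WINDOW = 10                                     # seconds per counting bucket
THRESHOLD = {"SYN": 5000, "TCP": 20000, "UDP": 10000}  # packets per bucket

# Constructed flow records: epoch_second src dst proto tcp_flags packets
SAMPLE_FLOWS = """\
1000 10.0.0.5 203.0.113.9 TCP S 4000
1000 10.0.0.5 203.0.113.9 TCP S 4200
1001 10.0.0.5 203.0.113.9 TCP S 3900
1000 10.0.0.7 198.51.100.20 TCP SA 12
1001 10.0.0.7 198.51.100.20 TCP A 40
1000 10.0.0.8 198.51.100.77 UDP - 9000
1001 10.0.0.8 198.51.100.77 UDP - 9500
1002 10.0.0.9 198.51.100.53 UDP - 3
1002 10.0.0.6 10.0.0.2 UDP - 50000
this line is malformed
"""

def classify(proto, flags):
    """Map a flow to one of the flood types the page lists, or None."""
    if proto == "UDP":
        return "UDP"
    if proto == "TCP":
        # SYN without ACK is a connection attempt; anything else is generic TCP.
        return "SYN" if "S" in flags and "A" not in flags else "TCP"
    return None

def find_outbound_floods(text):
    """Return sorted (src, dst, kind) tuples whose per-bucket packet count
    from an internal host to an external one reaches the threshold."""
    counts = defaultdict(int)
    for line in text.splitlines():
        try:
            ts, src, dst, proto, flags, pkts = line.split()
            kind = classify(proto, flags)
            outbound = (ipaddress.ip_address(src) in INTERNAL
                        and ipaddress.ip_address(dst) not in INTERNAL)
            if kind and outbound:
                counts[(src, dst, kind, int(ts) // WINDOW)] += int(pkts)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
    return sorted({key[:3] for key, n in counts.items() if n >= THRESHOLD[key[2]]})

if __name__ == "__main__":
    for src, dst, kind in find_outbound_floods(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: possible outbound {kind} flood")
```

A flagged host is a lead for investigation rather than proof of infection, and the thresholds need tuning against each server's normal traffic.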
Most drive-by-downloads come from users endangering themselves, but no one can guard against an unknowable exploit in one of their programs. At the very least, though, possible victims can keep up their guard against an AESDDoS Botnet attack by updating their software whenever the option is there.