
DDG Botnet

Posted: April 10, 2020

The DDG Botnet is a relatively new project that malware researchers have observed closely ever since it first appeared on the radar at the beginning of 2018. This botnet is used almost exclusively for Monero mining, and its authors have not added modules that would enable it to launch Distributed Denial-of-Service (DDoS) attacks or participate in other activity typical for botnets. However, while the DDG Botnet's feature set might not be very rich, it has one unique property: it is able to fall back to peer-to-peer communication in case the primary Command and Control servers get taken down. This redundancy would allow the DDG Botnet to continue to operate and grow even if the attacker's main servers are taken down for some reason.

The current size of the botnet is estimated to be around 20,000 devices, and its peak activity was reached in February 2019. However, the project appears to be receiving regular updates, and one of the latest changes was the addition of peer-to-peer communication to keep the botnet operating.

Every enslaved system that is part of the DDG Botnet can now communicate with 200 random botnet nodes to transmit and receive commands. The infected hosts are able to share instructions and configuration files, and even distribute new botnet payloads to each other. For example, if bot A needs to update its payload, it may contact bot B to see if it can get it from there. If bot B cannot fulfill the request, the message is passed on to bot C, and the same process repeats until the request is fulfilled. The same communication technique is used by every node that requires an update and cannot contact the DDG Botnet's control server for some reason.

The relatively large size of the DDG Botnet is surprising considering the method it uses to infect new hosts – it scans the Internet for accessible SSH connections, and then tries to log in by using the username 'root' paired with a list of 17,907 passwords.
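A defensive check for the infection method described above, as an added example that is not part of the original article: it counts failed root password logins per source address in OpenSSH log lines and flags any source that later logs in as root by password. The log lines are constructed samples, and the function name and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Matches OpenSSH password-auth results, e.g.
# "sshd[123]: Failed password for root from 203.0.113.7 port 51234 ssh2"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def root_guessing_report(lines, threshold=5):
    """Return {source: {"failures": n, "root_login_after_failures": bool}}
    for every source with at least `threshold` failed root password logins.
    The threshold is an assumed value; tune it to the environment."""
    failures = defaultdict(int)
    logged_in = set()
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["user"] != "root":
            continue  # only password attempts against 'root' are of interest
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
        elif failures.get(src, 0) >= threshold:
            # A password login as root right after a guessing run: treat the
            # host as likely compromised and investigate.
            logged_in.add(src)
    return {
        src: {"failures": n, "root_login_after_failures": src in logged_in}
        for src, n in failures.items() if n >= threshold
    }

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE_LOG = (
    [f"Apr 10 03:14:{i:02d} host sshd[{2000 + i}]: Failed password for root "
     f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(6)]
    + ["Apr 10 03:14:09 host sshd[2010]: Accepted password for root "
       "from 203.0.113.7 port 40010 ssh2"]
    + [f"Apr 10 03:15:{i:02d} host sshd[{2100 + i}]: Failed password for root "
       f"from 198.51.100.4 port {50000 + i} ssh2" for i in range(5)]
    + ["Apr 10 03:16:00 host sshd[2200]: Failed password for invalid user "
       "admin from 198.51.100.9 port 50100 ssh2",
       "Apr 10 03:17:00 host sshd[2201]: Accepted publickey for root "
       "from 192.0.2.10 port 50200 ssh2"]
)

if __name__ == "__main__":
    for src, info in root_guessing_report(SAMPLE_LOG).items():
        print(src, info)
```

A source reported with `root_login_after_failures` set to true warrants immediate investigation of the host; disabling password authentication for root in the SSH server configuration removes this entry point altogether.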
