
Gafgyt

Posted: April 3, 2019

Gafgyt is the name of a botnet that used to target Internet-of-Things (IoT) devices, but more recently it has also been found attempting to exploit vulnerabilities in popular Web-facing products such as Apache Struts and SonicWall. Like many other botnets, Gafgyt may also be used to execute large-scale Distributed Denial-of-Service (DDoS) attacks that can hinder the stability of Web servers and online services.

Almost all of the vulnerabilities that the Gafgyt botnet is meant to exploit have already been patched, so only devices running outdated firmware are vulnerable to them. This is why we advise our readers to check the software version of their Internet-connected devices regularly and to apply all security patches and updates as soon as possible.

Apart from the SonicWall and Apache Struts vulnerabilities that Gafgyt exploits, the botnet is also programmed to scan for a large number of other vulnerabilities in various Huawei, GPON and D-Link devices. Any system that Gafgyt compromises may be used to execute DDoS attacks immediately. One of the peculiar things about the Gafgyt botnet is that it has been spotted using the so-called BlackNurse DDoS attack. Usually, DDoS attacks are meant to consume a network's bandwidth by sending network packets from multiple devices (botnet members). The BlackNurse attack is a bit more sophisticated: it uses special packets that do not flood the target with traffic. Instead, it may use up all available CPU resources by forcing the targeted system's firewall to attempt to process the packets sent out by the Gafgyt botnet, which prevents the firewall from processing legitimate requests.
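A defender-side sketch of spotting the BlackNurse pattern described above, added here as an example and not taken from the original article. It relies on the publicly documented detail that BlackNurse traffic consists of ICMP Type 3 Code 3 (destination unreachable, port unreachable) packets; the log format, the function names and the threshold of 100 packets per second are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Hypothetical firewall log format (an assumption, not a real product's output):
#   <ISO timestamp, 1 s resolution> ICMP src=<ip> dst=<ip> type=<n> code=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ICMP src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"type=(?P<type>\d+) code=(?P<code>\d+)$"
)

def find_blacknurse_bursts(lines, threshold=100):
    """Flag (second, destination) buckets whose ICMP Type 3 Code 3 count
    reaches `threshold`. Returns {(ts, dst): (packets, distinct_sources)}.
    The threshold is illustrative and must be tuned to normal traffic."""
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or non-ICMP lines
        if (int(m["type"]), int(m["code"])) != (3, 3):
            continue  # only port-unreachable messages matter here
        key = (m["ts"], m["dst"])
        counts[key] += 1
        sources[key].add(m["src"])
    return {k: (n, len(sources[k])) for k, n in counts.items() if n >= threshold}

def build_sample():
    """Constructed sample data using documentation-only IP ranges."""
    fw = "203.0.113.10"
    lines = ["this line is malformed and must be ignored"]
    # Normal background: pings plus a handful of genuine unreachable replies.
    for i in range(20):
        lines.append(f"2019-04-03T10:00:00 ICMP src=192.0.2.{i + 1} dst={fw} type=8 code=0")
    for i in range(5):
        lines.append(f"2019-04-03T10:00:00 ICMP src=192.0.2.{i + 1} dst={fw} type=3 code=3")
    # Burst: 300 Type 3 Code 3 packets in one second from three sources.
    for i in range(300):
        lines.append(f"2019-04-03T10:00:01 ICMP src=198.51.100.{i % 3 + 1} dst={fw} type=3 code=3")
    return lines

if __name__ == "__main__":
    for (ts, dst), (n, srcs) in find_blacknurse_bursts(build_sample()).items():
        print(f"{ts} dst={dst}: {n} ICMP 3/3 packets from {srcs} sources")
```

Because the attack exhausts firewall CPU rather than bandwidth, the per-second packet count that matters is far lower than for a volumetric flood, so alerting on link utilisation alone will miss it.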
