LeetHozer Botnet Description
The LeetHozer Botnet is a network of Trojans that compromise Linux devices and uses their resources for launching server-crashing attacks. Users can protect their devices by installing updates when appropriate and avoiding passwords that are at risk against brute-force hacking. When necessary, they also should remove the LeetHozer Botnet's Trojans through specialized anti-malware tools or reset their devices to factory conditions.
From Two Trojans Comes a Server-Crashing Hybrid
Taking single Trojans and adapting their code is SOP for nearly all threat actors, but it's less usual for two distinct programs to merge. The LeetHozer Botnet is, however, an apparent byproduct of just such a circumstance. Its campaign is running the simple stakes of DDoS attacks versus company servers, but with the help of techniques from both the Mirai Botnet and the Moobot Botnet.
The LeetHozer Botnet may be a complete replacement for 2019's Moobot Botnet, which demonstrated the threat actor's capacity for using various zero-day (or unpatched) exploits. The common ground between the two decentralized networks includes highly-specific internal strings and a downloading component that helps install the Trojan's bot. However, the LeetHozer Botnet's setup also includes distinct flavors of the Mirai Botnet: namely, its initial loader and the reporting component that contacts the Command & Control server for instructions.
The LeetHozer Botnet's instructions are in the form of Distributed-Denial-of-Service attacks, which use the accumulated resources of infected devices for imitating Web traffic and crashing their servers. Such DDoS attacks are, occasionally, 'pranks' or non-monetized attacks. However, malware analysts also associate them with for-profit campaigns for concealing fraudulent banking activity, as one example.
Shoving a Trojan Network Off Your Devices
Most forms of protection against DDoS attacks, and the Trojans that instigate them, involve prevention and foresight. Linux device owners malware researchers have yet to confirm cases of the LeetHozer Botnet in other environments) should be strict about installing any security patches and making every effort possible at avoiding embedded software vulnerabilities. They also should choose their passwords carefully in the case of remote admin services like telnetd, especially.
Companies who are on the receiving end of DDoS attacks should always have response plans prepared with proper team coordination and procedures for escalation as necessary. Network-centric security tools, from firewalls and virtual private networks to spam blockers, can offer various points of protection against ongoing Denial-of-Service attacks. Server redundancy and leveraging any cloud-based assets efficiently also are useful.
Although users of compromised devices aren't, usually, at direct risk of a DDoS, they should counteract the device's hijacking as soon as possible. Anti-malware tools compatible with the relevant Linux device may remove the LeetHozer Botnet's bot, and resetting to original conditions should always be possible.
The LeetHozer Botnet's hybridized formulation isn't extraordinary. Others, like the Dark_nexus Botnet, Fbot, and the Persirai Botnet, show similar examples of taking the Mirai Botnet and re-aiming it at new targets with 'something extra.' At worst, it shows that the problems that come of being lazy with one's passwords are far more complex than one might guess.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to LeetHozer Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.