
LeetHozer Botnet

Posted: April 30, 2020

The LeetHozer Botnet is a network of Trojans that compromise Linux devices and use their resources for launching server-crashing attacks. Users can protect their devices by installing updates as they become available and avoiding passwords that are vulnerable to brute-force guessing. When necessary, they also should remove the LeetHozer Botnet's Trojans with specialized anti-malware tools or reset their devices to factory conditions.

From Two Trojans Comes a Server-Crashing Hybrid

Taking single Trojans and adapting their code is standard operating procedure for nearly all threat actors, but it's less usual for two distinct programs to merge. The LeetHozer Botnet, however, appears to be the byproduct of just such a merger. Its campaign is limited to the simple stakes of DDoS attacks against company servers, but it carries them out with techniques borrowed from both the Mirai Botnet and the Moobot Botnet.

The LeetHozer Botnet may be a complete replacement for 2019's Moobot Botnet, which demonstrated the threat actor's capacity for using various zero-day (or unpatched) exploits. The common ground between the two decentralized networks includes highly-specific internal strings and a downloading component that helps install the Trojan's bot. However, the LeetHozer Botnet's setup also includes distinct flavors of the Mirai Botnet: namely, its initial loader and the reporting component that contacts the Command & Control server for instructions.

The LeetHozer Botnet's instructions take the form of Distributed-Denial-of-Service attacks, which use the accumulated resources of infected devices to imitate Web traffic and crash the targeted servers. Such DDoS attacks are, occasionally, 'pranks' or non-monetized attacks. However, malware analysts also associate them with for-profit campaigns, such as those that use a DDoS to conceal fraudulent banking activity.

Shoving a Trojan Network Off Your Devices

Most forms of protection against DDoS attacks, and the Trojans that instigate them, involve prevention and foresight. Linux device owners (malware researchers have yet to confirm cases of the LeetHozer Botnet in other environments) should be strict about installing any security patches and make every effort to avoid embedded software vulnerabilities. They also should choose their passwords carefully, especially for remote admin services like telnetd.

Companies that are on the receiving end of DDoS attacks should always have response plans prepared, with proper team coordination and procedures for escalation as necessary. Network-centric security tools, from firewalls and virtual private networks to spam blockers, can offer various points of protection against ongoing Denial-of-Service attacks. Server redundancy and efficient use of any cloud-based assets also help.

Although users of compromised devices aren't, usually, at direct risk from a DDoS, they should counteract the device's hijacking as soon as possible. Anti-malware tools compatible with the relevant Linux device may remove the LeetHozer Botnet's bot, and resetting the device to factory conditions is always an option.

The LeetHozer Botnet's hybridized formulation isn't extraordinary. Others, like the Dark_nexus Botnet, Fbot, and the Persirai Botnet, show similar examples of taking the Mirai Botnet and re-aiming it at new targets with 'something extra.' At worst, it shows that the problems that come of being lazy with one's passwords are far more complex than one might guess.
