MedusaHTTP

Posted: August 16, 2019

MedusaHTTP is a botnet Trojan that uses the computers it infects for launching website traffic-flooding attacks. As an update to the previous MedusaIRC, it features a revamped C&C infrastructure and is rentable to third-party criminals, making for unpredictable infection methods. Users can practice safe browsing habits and use anti-malware programs for deleting MedusaHTTP, and targets of its flooding attacks can implement precautions such as strict firewall policies.

Petrifying Websites Using Your PC

Like any black-market business, DDoSing Trojans require maintenance and updates to keep abreast of countermeasures developed by the cyber-security industry, as well as to keep pace with their competition. MedusaHTTP is a revamp of not one but two older projects: MedusaIRC, another botnet Trojan from the same author, and Diamond Fox, from a third party. The merging of these components and a change in philosophy towards HTTP-style flooding attacks makes MedusaHTTP a competitive successor in its illegal business.

As one might guess from its name, MedusaHTTP no longer uses IRC (Internet Relay Chat) for its Command & Control communications. Its replacement uses HTTP, with various elements, such as its admin panel, 'borrowed' from a publicly-leaked version of Diamond Fox. The bot sends a POST request containing some system information to the admin, who responds with any of various commands. Invariably, the bulk of these instructions involve crashing external websites by flooding them. Malware researchers list flooding techniques such as UDP, TCP, POST and HTTP GET floods, among others, as well as verification-bypassing tactics.

None of these attacks target the infected computer, although they do use the system's resources without the user's consent. MedusaHTTP also includes at least one non-DDoS-related function: downloading and executing other files. MedusaHTTP infections can, therefore, escalate by dropping other Trojans onto a compromised PC with entirely different symptoms and payloads.

Keeping Website-Stoning Menaces from Spreading

MedusaHTTP and its MedusaIRC predecessor are capable of making thousands of traffic requests per second with just several bots, which places more strain on the infected hardware. A botnet Trojan is capable of interfering with Internet connectivity and router settings and may, but will not necessarily, cause issues such as websites refusing to load. Meanwhile, the targets of these floods experience server crashes that can, for example, facilitate compromises of bank accounts and fraudulent transactions.
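The HTTP GET/POST floods described above show up in a web server's access log as bursts of requests per second, far beyond what a browsing client produces. The following detector is an added example (not code from the original article or from any MedusaHTTP analysis) that parses Combined Log Format lines and flags both individual sources exceeding a per-second threshold and paths whose aggregate rate across all sources exceeds a second threshold, which is what catches a distributed flood; the log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, unix_second, method, path) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp()), m.group("method"), m.group("path")

def detect_http_flood(lines, per_ip_threshold=50, per_path_threshold=200):
    """Return (noisy_ips, flooded_paths).

    noisy_ips: sources sending more than per_ip_threshold GET/POST requests
    in any single second (one loud bot).
    flooded_paths: paths receiving more than per_path_threshold requests in
    any single second from all sources combined (many quiet bots)."""
    per_ip = Counter()    # (ip, second) -> request count
    per_path = Counter()  # (path, second) -> request count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, sec, method, path = rec
        if method not in ("GET", "POST"):
            continue
        per_ip[(ip, sec)] += 1
        per_path[(path, sec)] += 1
    noisy_ips = sorted({ip for (ip, _), n in per_ip.items() if n > per_ip_threshold})
    flooded_paths = sorted({p for (p, _), n in per_path.items() if n > per_path_threshold})
    return noisy_ips, flooded_paths

def build_sample_log():
    """Constructed sample: three bots hammering /login in one second, plus one normal client."""
    t = "16/Aug/2019:10:00:00 +0000"
    fmt = '{ip} - - [{t}] "{m} {p} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    lines = []
    for bot in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        lines += [fmt.format(ip=bot, t=t, m="GET", p="/login") for _ in range(80)]
    lines.append(fmt.format(ip="198.51.100.5", t=t, m="GET", p="/index.html"))
    return lines
```

With the defaults, the sample flags all three bot addresses and the /login path; raising the per-IP threshold above 80 still flags /login, because the aggregate rate is what reveals a distributed flood.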

Distribution channels for MedusaHTTP's predecessor are known for using the RIG Exploit Kit, and many for-hire Trojans employ similar methods of compromising their victims. You can make your browser safer from such attacks by disabling Flash, JavaScript, and Java, and by installing security fixes that cover well-known vulnerabilities. Other distribution possibilities for MedusaHTTP in various administrators' hands include e-mail spam, malvertising, brute-force attacks against poorly-secured servers, or fake torrents.

Disabling network connections will both prevent MedusaHTTP from flooding other websites and stop it from receiving additional commands that could involve attacking your computer. Anti-malware products for Windows environments should, if allowed to scan your computer, remove MedusaHTTP safely where necessary.

Easy-to-use cyber-crime tools inevitably make for more attacks against innocent PC owners. MedusaHTTP is a mythology-themed reminder that front-end bandwidth managers, blackhole routing, and other defenses against Internet-abusing threats are front-line defenses in an online war.