Wirex Android DDoS Malware Adds UDP Flood
- by nlqip
Figure 5. 60-second C&C polling interval
Although the malware is still evolving, its HTTP functionality already sets it apart from other DDoS bots. Because it is built on Android’s WebView class, the thingbot has browser-like capabilities such as cookie support, redirect handling, and JavaScript execution, which lets it get past many of the bot challenges that still stop other DDoS malware.
At this stage, mitigation is fairly simple because the requests carry fixed, recognizable patterns, such as the empty “X-Requested-With” header, which is sent with a lowercase header name even though it appears in uppercase in the code. And although the bot can process JavaScript, it cannot pass the more sophisticated browser challenges that rely on advanced browser integrity checks.
Behavioral DDoS solutions will also readily spot the random User-Agent strings and other anomalies in the HTTP requests sent by the botnet.
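The following is an added example, not code from the original article or from F5, showing how the two kinds of detection described above can be expressed: a signature check for the empty, lowercase `x-requested-with` header, and a behavioral check that counts distinct User-Agent strings per source address. The sample requests are constructed for illustration and do not reproduce captured WireX traffic; the non-browser User-Agent heuristic (no product/version token such as `Mozilla/5.0`) and the rotation threshold of three distinct User-Agents are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample traffic (source IP, raw HTTP/1.1 request head).
# These are illustrative requests, not captured WireX traffic.
SAMPLE_REQUESTS = [
    ("203.0.113.5", "GET /index.html HTTP/1.1\r\nHost: target.example\r\n"
                    "User-Agent: fgqkzwcmbtpl\r\nx-requested-with: \r\nAccept: */*\r\n\r\n"),
    ("203.0.113.5", "GET /index.html HTTP/1.1\r\nHost: target.example\r\n"
                    "User-Agent: olrpmvacyhsw\r\nx-requested-with: \r\nAccept: */*\r\n\r\n"),
    ("203.0.113.5", "GET /index.html HTTP/1.1\r\nHost: target.example\r\n"
                    "User-Agent: tkcbnzrxjwdu\r\nx-requested-with: \r\nAccept: */*\r\n\r\n"),
    ("198.51.100.7", "GET /index.html HTTP/1.1\r\nHost: target.example\r\n"
                     "User-Agent: Mozilla/5.0 (Linux; Android 7.0) AppleWebKit/537.36 "
                     "Chrome/60.0 Mobile Safari/537.36\r\nAccept: */*\r\n\r\n"),
    ("198.51.100.7", "GET /app/data HTTP/1.1\r\nHost: target.example\r\n"
                     "User-Agent: Mozilla/5.0 (Linux; Android 7.0) AppleWebKit/537.36 "
                     "Chrome/60.0 Mobile Safari/537.36\r\n"
                     "X-Requested-With: XMLHttpRequest\r\nAccept: */*\r\n\r\n"),
]


def parse_request(raw):
    """Split a raw request head into (request line, [(header name, value), ...]).

    Header names keep their original casing so that case anomalies can be
    matched exactly; values are stripped of surrounding whitespace.
    """
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed header lines
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def user_agent(headers):
    """Return the User-Agent value (case-insensitive name lookup), or ''."""
    return next((v for n, v in headers if n.lower() == "user-agent"), "")


def has_empty_lowercase_xrw(headers):
    """Signature check: header name sent as all-lowercase 'x-requested-with'
    with an empty value. A properly cased or non-empty header does not match."""
    return any(n == "x-requested-with" and v == "" for n, v in headers)


def looks_non_browser_ua(headers):
    """Assumed heuristic: real browsers send product/version tokens such as
    'Mozilla/5.0' or 'Chrome/60.0'; a UA with no '/' at all is anomalous."""
    return "/" not in user_agent(headers)


def classify(requests, ua_threshold=3):
    """Run the signature and behavioral checks over a batch of requests.

    Returns {source_ip: set(reasons)} containing only sources with findings.
    ua_threshold is the assumed number of distinct User-Agents from one source
    that counts as rotation.
    """
    per_ip_uas = defaultdict(set)
    findings = defaultdict(set)
    for ip, raw in requests:
        _, headers = parse_request(raw)
        per_ip_uas[ip].add(user_agent(headers))
        if has_empty_lowercase_xrw(headers):
            findings[ip].add("empty-lowercase-x-requested-with")
        if looks_non_browser_ua(headers):
            findings[ip].add("non-browser-user-agent")
    for ip, uas in per_ip_uas.items():
        if len(uas) >= ua_threshold:
            findings[ip].add("rotating-user-agent")
    return dict(findings)


if __name__ == "__main__":
    for ip, reasons in classify(SAMPLE_REQUESTS).items():
        print(ip, sorted(reasons))
```

The signature check deliberately matches the exact lowercase header name, because the point in the text is that the bot emits it differently from how it is written in the code; a defender who normalizes header names before matching would lose that distinction. The per-source User-Agent count is the simplest form of the behavioral check and should, in practice, be evaluated over a time window rather than over an unbounded batch.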
Judging by the many slightly different variants in the wild and the limited attack types and functionality it currently offers, the WireX malware still seems to be in its QA phase. Stay tuned for further developments.