It is usually rare for the sponsors of a botnet to pull the plug themselves. A botnet is a network of machines infected with malware that hackers can control remotely. There are several types of botnets depending on their purpose. For example, some botnets are primarily designed to carry out particularly long, intense and difficult to thwart DDoS type attacks.
KmsdBot is a botnet specializing in cryptocurrency mining on a wide range of devices and architectures. It can also carry out DDoS attacks. First detected in November 2022 by Akamai researchers KmsdBot targets both Windows and Linux PCs as well as a variety of WiFi routers.
This huge crypto botnet just fell “by accident”
The malware is further able to penetrate machines via SSH and even attack weak passwords by brute force. KmsdBot has become over the weeks a huge network of zombie machines, which, once infected, dedicate part of their resources to mining cryptocurrencies. This obviously impacts performance, and causes victims to consume additional electricity.
The network is said to have managed to infiltrate high-profile targets, including game developers, tech companies and luxury car manufacturers. And as such, it has been closely observed since its discovery by Akamai researchers. This is how the latter detected a blunder by the pirates which ended up completely destroying the network.
Apparently, the backers of KmsdBot attempted to use the botnet to bring down the bitcoin.com site under a massive DDoS attack. The researcher explains: “What’s interesting is that after a single badly formatted command, the bot stopped transmitting messages. It’s not every day that you come across a botnet that its own authors have managed to crash”quips Larry W. Cashdollar, researcher at Akamai.
In detail, it was a single forgotten space in the command that crashed the entire botnet. Hackers have indeed forgotten to separate the address of their target and the target port in the request sent to KmsdBot. After this error, it became completely impossible to communicate with the botnet.
Akamai thinks that this bug comes from the fact that the developers of the malware obviously did not consider it necessary to implement protection against errors. In fact, KmsdBot officials are off to start from scratch – according to researchers it is no longer possible for hackers to reactivate KmsdBot after this erroneous command.