Another family of DDoS bots: Avzhan

{{Publication
 * Image=
 * Legend=
 * Document=
 * Licence=
 * Type=Blogpost
 * Video=
 * Link=http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/ www.arbornetworks.com
 * Author=Jeff Edwards,
 * NomRevue=DDoS and Security Reports: The Arbor Networks Security Blog
 * Date=2010-09-22
 * Editor=Arbor Networks
 * Year=2010
 * ISBN=
 * Page=
 * Botnet=Avzahn,
 * Malware=,
 * ExploitKit=,
 * Campaign1=
 * Campaign2=
 * Campaign3=
 * Campaign4=
 * Campaign5=
 * Service1=
 * Service2=
 * Service3=
 * Service4=
 * Service5=
 * Vulnerability1=
 * Vulnerability2=
 * Vulnerability3=
 * Vulnerability4=
 * Vulnerability5=
 * CCProtocol=,
 * Operation=,
 * Abstract=Earlier this month, security researchers at Damballa published their findings regarding a new commercial DDoS service called IMDDOS. In addition to observing a number of samples of IMDDOS bots in our malware analysis sandboxes, we have also seen a significant number of samples recently from a new DDoS family which appears to be closely related to IMDDOS; we have been referring to this new malware family as “Avzhan” based on the host names of some of the initial malware distribution servers. The IMDDOS and Avzhan families appear to have significant similarities in terms of their installation mechanisms, their DDoS attack engines, and certain aspects of their bot-to-CnC communications. Both families tend to be controlled from Chinese IP space.

Malcode Properties
The Avzhan malware is distributed in the form of a small executable that is most commonly 45,056 bytes in size; we have also seen slightly larger samples (e.g. 45,568 or 46,080 bytes). }}
 * Keyword=,