Another family of DDoS bots: Avzhan

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Another family of DDoS bots: Avzhan
Botnet Avzahn
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2010 / 2010-09-22
Editor/Conference Arbor Networks
Link http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/ (Archive copy)
Author Jeff Edwards
Type Blogpost

Abstract

Earlier this month, security researchers at Damballa published their findings regarding a new commercial DDoS service called IMDDOS. In addition to observing a number of samples of IMDDOS bots in our malware analysis sandboxes, we have also seen a significant number of samples recently from a new DDoS family which appears to be closely related to IMDDOS; we have been referring to this new malware family as “Avzhan” based on the host names of some of the initial malware distribution servers. The IMDDOS and Avzhan families appear to have significant similarities in terms of their installation mechanisms, their DDoS attack engines, and certain aspects of their bot-to-CnC communications. Both families tend to be controlled from Chinese IP space.

Malcode Properties

The Avzhan malware is distributed in the form of a small executable that is most commonly 45,056 bytes in size; we have also seen slightly larger samples (e.g. 45,568 or 46,080 bytes) as well.

Bibtex

 @misc{Edwards2010BFR1404,
   editor = {Arbor Networks},
   author = {Jeff Edwards},
   title = {Another family of DDoS bots: Avzhan},
   date = {22},
   month = Sep,
   year = {2010},
   howpublished = {\url{http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/}},
 }