Another family of DDoS bots: Avzhan
(Publication) Google search: [1]
| Another family of DDoS bots: Avzhan | |
|---|---|
| Botnet | Avzahn |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2010 / 2010-09-22 |
| Editor/Conference | Arbor Networks |
| Link | http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/ (Archive copy) |
| Author | Jeff Edwards |
| Type | Blogpost |
Abstract
“ Earlier this month, security researchers at Damballa published their findings regarding a new commercial DDoS service called IMDDOS. In addition to observing a number of samples of IMDDOS bots in our malware analysis sandboxes, we have also seen a significant number of samples recently from a new DDoS family which appears to be closely related to IMDDOS; we have been referring to this new malware family as “Avzhan” based on the host names of some of the initial malware distribution servers. The IMDDOS and Avzhan families appear to have significant similarities in terms of their installation mechanisms, their DDoS attack engines, and certain aspects of their bot-to-CnC communications. Both families tend to be controlled from Chinese IP space.
Malcode Properties
The Avzhan malware is distributed in the form of a small executable that is most commonly 45,056 bytes in size; we have also seen slightly larger samples (e.g. 45,568 or 46,080 bytes) as well.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR1404,
editor = {Arbor Networks},
author = {Jeff Edwards},
title = {Another family of DDoS bots: Avzhan},
date = {22},
month = Sep,
year = {2010},
howpublished = {\url{http://www.arbornetworks.com/asert/2010/09/another-family-of-ddos-bots-avzhan/}},
}