BlackEnergy competitor – The 'Darkness' DDoS bot


Botnet Darkness, BlackEnergy
Malware Darkness (bot)
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2010 / 5 December 2010
Editor/Conference Shadowserver Foundation
Link (Archive copy)
Author André M. DiMino, Mila Parkour


Just recently, I began watching the activity of a new DDoS bot that has been quite active over the past few weeks targeting a fairly large variety of websites. What I also found interesting was that this is not the usual prolific BlackEnergy botnet, but a botnet called “Destination Darkness Outlaw System” (D.D.O.S), aka “Darkness”.

As with BlackEnergy, “Darkness” is easy to purchase, easy to deploy, and is very effective and efficient in what it does. This particular version of “Darkness” is using the domains and for its command and control (C&C). As we will discuss later, a third domain,, was also utilized but is no longer available now. Since November 12 of this year, we have seen over 100 different hosts targeted by ''. Initially, the botnet's attacks seem localized and against various MU Online gaming sites, but eventually, it was seen targeting more high-profile sites in the financial, insurance, cosmetics, clothing, accessories, and gifts industries.


 @misc{2010BFR837,
   editor = {Shadowserver Foundation},
   author = {André M. DiMino, Mila Parkour},
   title = {BlackEnergy competitor – The 'Darkness' DDoS bot},
   date = {2010-12-05},
   month = dec,
   year = {2010},
   howpublished = {\url{}},