This was a weekend of record-breaking DDoS attacks. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% […]
Tag Archives: botnet
Inside the infamous Mirai IoT Botnet: A Retrospective Analysis
This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited. This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised […]
Mayhem Malware Server Botnet Continues to Evolve
Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a shared object and running as a service. This also allows the malware to operate under restricted privileges, and is difficult to clean up effectively – even if an infected site gets restored […]
The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack
Introduction On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed […]
IoT Home Router Botnet Leveraged in Large DDoS Attack
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed across 47,000 IP addresses and has been pushing over 120,000 HTTPS requests per second (RPS) to the website. Unlike volumetric attacks that target the network link (measured in… […]
Behind the Malware – Botnet Analysis
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerability led to massive website compromises in 2015, was being leveraged again in an attempt to infect websites over a year since its initial disclosure. The original hack required sending an AJAX request containing the action revslider_ajax_action toRead […]
FunWebProducts UserAgent Bloating Traffic
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make an educated guess. Our main business is preventingRead […]
Malicious Google Analytics Referral Spam
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems. If you use analytics software on yourRead […]
Patching the Internet in Realtime: Fixing the Current WordPress Brute Force Attack
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of […]