Accidental Death of Botnet Due to Typing Error
Security researchers at Akamai recently made a surprising discovery while analyzing a prolific botnet known as “KmsdBot.” In a twist of fate, the botnet was unintentionally killed off by a single malformed command, the equivalent of a typo, that its own code could not handle.
Botnet Description
KmsdBot, which is written in Go, spreads over SSH by logging in to machines that use weak credentials. Once it has compromised a host, the botnet can launch DDoS attacks and cryptomining campaigns, and its targets have clustered in industries such as gaming, technology, and luxury cars.
Testing the Botnet
As part of their research, Akamai decided to exercise the command-and-control (C2) functionality of the botnet. They built a controlled environment by modifying a recent KmsdBot sample so that it talked to a C2 address inside the private RFC 1918 address space, under their own control rather than the operators'.
According to Larry Cashdollar, principal security intelligence response engineer at Akamai, “After one single improperly formatted command, the bot stopped sending commands.” The fatal command was missing the space between the target website and the port number, and every bot that received it crashed, taking the entire botnet down.
Technical Details
The reason for the botnet’s demise was the lack of error checking in its code. The bot split each incoming command into fields and used them without validating that the expected number of fields was present, so any slight deviation from the expected format could lead to a crash. With the space missing, the hostname and port were read as one field and the code indexed a field that did not exist. In Go, an out-of-bounds slice index is a runtime panic (“index out of range”), and because nothing in the bot recovered that panic, the process exited, halting all communication with infected machines.
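To make the failure mode concrete, here is an added Go example (not KmsdBot’s code, and not Akamai’s) that parses a hypothetical `attack <host> <port>` command two ways: an unchecked parser that indexes the split fields directly, which panics with the same “index out of range” error when the space is dropped, and a checked parser that validates the field count and port range and returns an error instead. The command grammar, host name and sample commands are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Target is the parsed attack target. The "attack <host> <port>" grammar below is a
// hypothetical stand-in for illustration, not KmsdBot's real command format.
type Target struct {
	Host string
	Port int
}

// parseUnchecked reproduces the failure mode described above: it splits the
// command on whitespace and indexes the fields without checking how many it got.
// Drop the space between host and port and the command has only two fields, so
// fields[2] is an out-of-bounds slice access. Go turns that into a runtime panic
// ("index out of range"); if nothing recovers it, the whole process exits.
func parseUnchecked(cmd string) Target {
	fields := strings.Fields(cmd)
	port, _ := strconv.Atoi(fields[2]) // panics when len(fields) < 3
	return Target{Host: fields[1], Port: port}
}

// parseChecked is the hardened form: it validates the field count and the port
// range first and reports a bad command as an error the caller can log and skip.
func parseChecked(cmd string) (Target, error) {
	fields := strings.Fields(cmd)
	if len(fields) != 3 || fields[0] != "attack" {
		return Target{}, fmt.Errorf("malformed command %q: want \"attack <host> <port>\"", cmd)
	}
	port, err := strconv.Atoi(fields[2])
	if err != nil || port < 1 || port > 65535 {
		return Target{}, fmt.Errorf("bad port %q in command %q", fields[2], cmd)
	}
	return Target{Host: fields[1], Port: port}, nil
}

// runUnchecked wraps parseUnchecked in a deferred recover so the panic can be
// observed (and its message captured) instead of terminating the program.
func runUnchecked(cmd string) (t Target, panicked bool, msg string) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
			msg = fmt.Sprint(r)
		}
	}()
	return parseUnchecked(cmd), false, ""
}

func main() {
	// Constructed sample commands: one well-formed, one missing the space.
	cmds := []string{"attack example.com 443", "attack example.com443"}
	for _, cmd := range cmds {
		t, panicked, msg := runUnchecked(cmd)
		if panicked {
			fmt.Printf("unchecked %-24q -> PANIC: %s\n", cmd, msg)
		} else {
			fmt.Printf("unchecked %-24q -> %+v\n", cmd, t)
		}
		if t, err := parseChecked(cmd); err != nil {
			fmt.Printf("checked   %-24q -> rejected: %v\n", cmd, err)
		} else {
			fmt.Printf("checked   %-24q -> %+v\n", cmd, t)
		}
	}
}
```

Running it shows the unchecked parser dying with `runtime error: index out of range [2] with length 2` on the command without the space, while the checked parser rejects the same command with an error and keeps going. The same lesson applies to any network-facing command or protocol parser: bound-check what you index, validate before you use, and decide deliberately what a malformed message should do to the process.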
Implications
Remarkably, KmsdBot also had no persistence mechanism on infected machines: a crashed bot did not restart on its own, so the operators would have to start from scratch and reinfect each host. Cashdollar noted, “It’s not often we get this kind of story in security. In our world of zero days and burnout, seeing a threat that can be mitigated with the coding equivalent of a typo is a nice story.”
The botnet went after high-profile luxury brands and gaming companies, yet its downfall is a reminder that careful input validation and error handling matter in any code that has to survive hostile or simply malformed input.
For more cybersecurity insights and updates, stay tuned to our blog.