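Smoke Loader is botnet software that has been publicly available on the black market since 2011. It is old but still active; just in the last six months we [...]
Since September 20, 2018, the 360Netlab Anglerfish honeypot system has observed a large number of IPs on the Internet scanning router systems in a targeted manner. The attackers attempt to guess passwords on the router's web authentication page, or to bypass authentication by exploiting the dnscfg.cgi vulnerability, and then use the corresponding DNS configuration interface to change the router's default DNS address to a Rogue DNS Server [1].
These days, it feels like new mining malware is popping up almost daily, and we have pretty much stopped blogging about the regular ones so we don’t flood our [...]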
DDG is a mining botnet mainly focusing on SSH, Redis databases and OrientDB database servers. We captured the first DDG botnet on October 25, 2017, and [...]
Author: Zhang Zaifeng, yegenshen, RootKiter, JiaYu. On July 18, in an officially released routine patch update, Oracle fixed CVE-2018-2893, an Oracle [...]
Author: Rootkiter, yegenshen. HNS is an IoT botnet (Hide and Seek) originally discovered by BitDefender in January this year. In that report, the researchers [...]
Two days ago, on 2018-06-14, we noticed that an updated Satori botnet began performing a network-wide scan looking for uc-httpd 1.0.0 devices. Most likely [...]
DDG is a mining botnet that specializes in exploiting SSH, Redis database and OrientDB database servers. We first caught it on October 25, 2017, at that [...]
This article was co-authored by Hui Wang, Rootkiter and Yegenshen. It looks like this GPON party will never end. We just found that TheMoon botnet has joined the party.
This article was co-authored by Hui Wang, LIU Ya, Rootkiter and Yegenshen. In our previous articles I and II of this series, we mentioned that since the [...]
This article was co-authored by Rootkiter, Yegenshen, and Hui Wang. In our previous article, we mentioned that since this GPON vulnerability (CVE-2018-10561, [...]
On May 1st, VPN Mentor disclosed two vulnerabilities affecting GPON home routers. Since then, at least 5 botnet families have been actively exploiting the [...]