The Hermes botnet was developed to discover access credentials for servers and other services through distributed brute-force attacks.
We are facing a botnet with a control panel almost identical to the one used by the Zeus Trojan, but with different functionality.
It uses the users' machines infected by the Trojan (zombies) as attack vectors, spreading the work among them so that each infected computer performs multiple authentication attempts against the target machine. The result is an incredible distributed brute-force tool.
Here is the control panel of the Hermes botnet:
The greater the number of compromised machines the panel commands, the greater the brute-force attack power, since it throws thousands of authentication attempts from different IPs.
This further confuses the security systems of the attacked hosts, because a variety of machines with different IPs take part in the incident simultaneously. Blocking these IPs is difficult because there are no continuous requests from the same IP to count, as there are in a classic brute-force incident.
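The detection gap described above, as an added example (not code from the original post or from the Hermes panel): a per-source-IP threshold only catches the classic single-source attacker, while counting distinct failing sources per target in the same time window exposes the distributed pattern. The log format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

PER_IP_LIMIT = 10     # assumed classic rule: block an IP after 10 failures per window
MIN_SOURCES = 20      # assumed: this many distinct failing IPs per target is abnormal
MIN_FAILURES = 50     # assumed: minimum total failures per target per window
WINDOW_SECONDS = 300  # assumed 5-minute aggregation window

def parse(line):
    """Constructed format: '<ISO time> <src_ip> <target> <user> <OK|FAIL>'."""
    ts, src, target, user, result = line.split()
    return datetime.fromisoformat(ts), src, target, user, result

def analyze(lines):
    """Return (IPs caught by the per-IP rule, targets flagged as distributed)."""
    buckets = defaultdict(lambda: defaultdict(int))  # (target, window) -> src -> failures
    users = defaultdict(set)                         # (target, window) -> usernames tried
    for line in lines:
        ts, src, target, user, result = parse(line)
        if result != "FAIL":
            continue
        key = (target, int(ts.timestamp()) // WINDOW_SECONDS)
        buckets[key][src] += 1
        users[key].add(user)
    blocked, flagged = set(), {}
    for key, per_src in buckets.items():
        blocked |= {ip for ip, n in per_src.items() if n >= PER_IP_LIMIT}
        total = sum(per_src.values())
        if len(per_src) >= MIN_SOURCES and total >= MIN_FAILURES:
            flagged[key[0]] = {"sources": len(per_src), "failures": total,
                               "usernames": len(users[key]),
                               "max_per_ip": max(per_src.values())}
    return blocked, flagged

def sample_log():
    """Constructed sample: 40 sources with 3 failures each, plus one classic attacker."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(40):
        for j in range(3):
            t = base + timedelta(seconds=i * 3 + j)
            lines.append(f"{t.isoformat()} 198.51.100.{i + 1} 192.0.2.10 user{i * 3 + j} FAIL")
    for j in range(12):
        t = base + timedelta(seconds=j)
        lines.append(f"{t.isoformat()} 203.0.113.7 192.0.2.20 admin FAIL")
    return lines

if __name__ == "__main__":
    blocked, flagged = analyze(sample_log())
    print("per-IP rule blocks:", blocked, "| distributed brute force:", flagged)
```

In the sample, the per-IP rule blocks only the single noisy source, while the 40 low-volume sources hitting one target are visible only in the per-target aggregate.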
The Settings menu shows the list of passwords to be used for the brute-force attack.
The Import option of the panel menu is used to select the target machine for the distributed brute-force attack and the name of a previously uploaded file containing a list of usernames. Authentication attempts are launched against the victim host using username/password pairs built from those usernames and the passwords above.
The Hermes panel that was analyzed shows how the criminals used it for testing, with files containing the IP address ranges of active machines hosted at the USA ISPs Dreamhost and Godaddy. It also shows the list of files containing the usernames for the brute-force attack.
The username files contain lists of people's surnames and names to test.
The Note option of the panel shows that thousands of requests were made against Godaddy addresses to test the Hermes panel.
On 05/12/2012, 513.000 brute-force authentication attempts were made against Godaddy servers at 18:15. 410,000 brute-force authentication attempts were made at 21:15. 481.460 brute-force authentication attempts were made at 22:44
......... etc