Articles Fodcha botnet attacks over 100 victims daily

Fodcha botnet attacks over 100 victims daily


Qihoo 360 (360 Netlab) experts report the discovery of a new Fodcha botnet that launches DDoS attacks on hundreds of victims every day. According to the company, the threat is growing rapidly and is replenished with new bots, including routers, DRVs and vulnerable servers.

From March 29 to April 10, the Fodcha botnet included more than 62,000 devices. The number of unique IP addresses associated with the malware fluctuates, with experts monitoring around 10,000 Fodcha bots using Chinese IP addresses every day, with most of them using the services of China Unicom (59.9%) and China Telecom (39.4%).

“Based on direct data we received from the information security community, the number of “live” bots daily exceeds 56,000,” the experts write. “The infestation looks pretty massive, with over 10,000 active bots (IPs) registered daily in China alone, as well as over 100 DDoS attack victims daily.”

Fodcha is known to infect new devices using exploits designed to exploit vulnerabilities in a number of devices, as well as the Crazyfia brute force tool. The list of devices and services that Fodcha attacks include:

Fodcha operators use the results of Crazyfia scans to gain access to vulnerable devices and then deploy malware payloads on them. Experts write that the botnet can be capable of MIPS, MPSL, ARM, x86 and other architectures.

The botnet is known to have been using folded[.]in as the domain for the command and control server since January 2022, and switched to fridgexperts[.]cc in March when the cloud service provider disabled the first domain.

“The new C&C server maps to more than a dozen IP addresses and is distributed across multiple countries including the US, Korea, Japan and India, and more cloud providers associated with it, including Amazon, DediPath, DigitalOcean, Linode and many more,” – noted in the Qihoo 360 report.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you