Shulou(Shulou.com)06/03 Report--

While the Internet brings convenience to people, its disclosure of a large number of resources also brings convenience to malicious users. more and more open malicious program source code reduces the difficulty of external security, which makes the security problem more serious.

The Aliyun security team monitored a BOT family in May this year, and its sample was rewritten from the Internet open channel source code and widely spread on the Internet, causing great harm. The cloud security team analyzed, clustered and traced the source of this kind of sample, and here we named it QBotVariant.

QBotVariant has DDoS***, backdoor, downloader, brute force cracking and other functions. Once it is *, it becomes a broiler. Its main mode of transmission is through unauthorized access vulnerabilities of Hadoop Yarn resource management system REST API and brute force cracking based on weak passwords. Similar to Mirai, the BOT family aims at multiple versions of the operating system, not only the server is compromised, but also IOT devices such as CCTV monitoring and home routing are more vulnerable. Pascal Geenens of Radware company mentioned this kind of sample in his latest blog "New DemonBot Discovered", but the IP, sample and other information he found is only one of the samples of this kind of family. From the monitoring to more than 30 download servers, we can see that the changeable IP and binary sample variants of QBotVariant make it difficult to find and track.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.