Dark_nexus botnet outstrips other malware with new, potent features

In The Name OF Allah
Al-Salam Alekum

[Image: net.jpg]

Actually you need to read the detail on the source... something cool.

Quote:On Wednesday, researchers from cybersecurity firm Bitdefender said the new botnet, dubbed "dark_nexus," packs a range of features and capabilities that go beyond those typically found in today's botnets.

Dark_nexus, named so due to strings printed on its banner, has code links to both Mirai and Qbot, but the team says the majority of the botnet's functions are original.

"While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust," Bitdefender says.

Dark_nexus has existed for three months and during this time, three different versions have been released. Honeypots have revealed that there are at least 1,372 bots connected to the botnet, with the majority being hosted in China, the Republic of Korea, Thailand, and Brazil.

"Much like the scanners employed by other widespread botnets [...] the scanner is implemented as a finite state machine modeling the Telnet protocol and the subsequent infection steps, in which the attacker issues commands adaptively based on the output of previous commands," Bitdefender explained.

The Source
Wa Salam Alekum

* This article was originally published here