Pierluigi Paganini October 27, 2018

Security researchers at FortiGuard Labs have discovered a new DDoS-for-hire service called “0x-booter” built with leaked code that implements an easy to use interface.

“0x-booter” first appeared on October 17, 2018,  a post published on Facebook advertises over 500 Gbps of power and 20,000 bots.

“During our regular monitoring, the FortiGuard Labs team recently discovered a new platform offering DDoS-for-hire service called “0x-booter.”” reads the analysis published by Fortinet.

“First appearing on October 17, 2018, 0x-booter is available to anyone who signs up on the website. As shown in the following figures, this service comes with an explicitly defined user interface which enables practically anyone to learn and use the service.” 

The DDoS-for-hire service is powered by the Bushido IoT botnet, experts at Fortinet believe the service has lower capabilities and fewer bots At the time of the analysis the 0x-booter’s service was able to carry out 424.825 Gbps attacks leveraging of 16,993 bots.

Anyway, this firepower is enough to create severe problems to target websites.

The DDoS-for-hire service allows users to power different attacks, primarily at the Transport and Application layers.

The prices for 0x-booter service range from $20 to $150, depending on various parameters, including the number of attacks, the duration of an attack, and customer support offered by the operators.

Researchers were able to uncover following JSON files that provided information on the service:

• typeattack.php – this file contains a list of every available DDoS method with its corresponding value of conducted attacks
• dateattack.php – this file contains a list of dates with the corresponding number of all attack methods conducted per day

According to the content of the second file, the service was used to power more than 300 attacks since Oct 14th.

The Bushido botnet is run by a group called ZullSec, it was first spotted by the security researchers at MalwareMustDie, the same that discovered the dreaded Mirai botnet.

“After analysing both the website and the botnet, we discovered that the codes used have been copy-pasted from an open source and modified for their own purposes.” continues the analysis.

“In fact, the 0x-booter website was based on another booter/ stresser called Ninjaboot, the source code of which was leaked in hacking forums last year. Even though the Bushido botnet has its own name, it still borrows a lot of its code from Mirai and is still considered a fork of Mirai.”

Pierluigi Paganini

(Security Affairs – DDoS-for-hire service, IoT botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]