
A few dollars to bring down sites with new Bushido-based DDoS-for-hire service

Security researchers at FortiGuard Labs have discovered a new DDoS-for-hire service called “0x-booter”, built with leaked code and offering an easy-to-use interface.

“0x-booter” first appeared on October 17, 2018. A post published on Facebook advertises over 500 Gbps of power and 20,000 bots.

“During our regular monitoring, the FortiGuard Labs team recently discovered a new platform offering DDoS-for-hire service called “0x-booter.”” reads the analysis published by Fortinet.

“First appearing on October 17, 2018, 0x-booter is available to anyone who signs up on the website. As shown in the following figures, this service comes with an explicitly defined user interface which enables practically anyone to learn and use the service.” 

The DDoS-for-hire service is powered by the Bushido IoT botnet. Experts at Fortinet believe the service has lower capabilities and fewer bots than advertised: at the time of the analysis, the 0x-booter service was able to carry out 424.825 Gbps attacks leveraging 16,993 bots.

Even so, this firepower is enough to cause severe problems for targeted websites.

 

The DDoS-for-hire service allows users to launch different attacks, primarily at the Transport and Application layers.

Prices for the 0x-booter service range from $20 to $150, depending on various parameters, including the number of attacks, the duration of an attack, and the customer support offered by the operators.

Researchers were able to uncover the following JSON files, which provided information on the service:

  • typeattack.php – this file contains a list of every available DDoS method with the corresponding number of attacks conducted
  • dateattack.php – this file contains a list of dates with the corresponding number of attacks, across all methods, conducted per day

According to the content of the second file, the service was used to launch more than 300 attacks since Oct 14th.

The Bushido botnet is run by a group called ZullSec. It was first spotted by the security researchers at MalwareMustDie, the same group that discovered the dreaded Mirai botnet.

“After analysing both the website and the botnet, we discovered that the codes used have been copy-pasted from an open source and modified for their own purposes.” continues the analysis.

“In fact, the 0x-booter website was based on another booter/ stresser called Ninjaboot, the source code of which was leaked in hacking forums last year. Even though the Bushido botnet has its own name, it still borrows a lot of its code from Mirai and is still considered a fork of Mirai.”

Experts pointed out that, with just a few clicks, a few dollars, and a little knowledge about botnets, would-be crooks can launch severe attacks and cause great damage.
Technical details about the service are included in the analysis published by Fortinet.

Pierluigi Paganini

(Security Affairs – DDoS-for-hire service, IoT botnet)
