Flusihoc botnet involved in thousands of DDoS attacks

The Flusihoc DDoS botnet first appeared in 2015 and stood out from the mass of commodity malware as a professionally built threat. The bot is written in C++ and supports a range of DDoS techniques: it is reported to be capable of SYN, ICMP, TCP and CON floods, among other attack types.

Its command-and-control (C&C) servers are believed to be located in China or operated by Chinese speakers. When a bot checks in with its C&C server, it receives instructions in the form of short numeric command codes. The commands sent to the Flusihoc bot and their meaning are:

1: the bot sends information about the infected device to its operators. This includes technical information about.
22: the bot checks whether the malicious payload needed for the attack is present on the host; if it is not, the C&C server supplies it.
333: the bot starts the attack.
444: the bot stops the attack.

Although this malware has been active since 2015, it is far from finished. Its operators keep building new and improved versions of the Flusihoc bot and continue launching DDoS attacks. Activity over the summer was especially visible, with approximately 900 attacks initiated; the largest of them peaked at 45.08 Gbps. Even the smaller attacks were enough to disrupt the operations of the targeted domains.

In total, Flusihoc has been linked to 154 C&C servers, which have launched 24,137 DDoS attacks since July 2015. Although this DDoS botnet is not discussed often, it is one of the threats website owners should worry about. We recommend that site operators look into DDoS mitigation services and put them in front of their domains.
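To make the flood types listed earlier (SYN, ICMP, TCP and CON floods) concrete from the defender's side, here is a small per-destination rate classifier over packet summaries. It is an added example written for this page; it is not Flusihoc's code and not the detection logic of Arbor Networks or any mitigation vendor. The packet records, the one-second window and the thresholds are constructed assumptions chosen so the sample is readable; a real mitigation service works at far higher volumes with adaptive baselines.

```python
"""Toy volumetric-flood classifier (illustrative, not Flusihoc or vendor code).

Reads per-packet summaries and labels each destination with the flood
types seen in a one-second window. All thresholds and sample traffic
below are assumptions constructed for this example.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float          # timestamp in seconds
    src: str
    dst: str
    proto: str         # "tcp" or "icmp"
    flags: str = ""    # TCP flags as letters, e.g. "S", "A", "PA"


# Assumed thresholds, per destination, per WINDOW seconds.
WINDOW = 1.0
SYN_PPS = 50        # bare SYNs per second
ICMP_PPS = 50       # ICMP packets per second
TCP_PPS = 100       # non-SYN TCP packets per second (e.g. ACK floods)
CON_PER_SRC = 20    # completed handshakes from one source


def _window_labels(pkts):
    """Label destinations within one window. Returns {dst: set(labels)}."""
    syn, icmp, tcp_other = Counter(), Counter(), Counter()
    pending = set()                      # (src, dst) pairs with a SYN outstanding
    completed = defaultdict(Counter)     # dst -> src -> handshakes completed
    for p in sorted(pkts, key=lambda p: p.ts):
        if p.proto == "icmp":
            icmp[p.dst] += 1
        elif p.proto == "tcp":
            if p.flags == "S":
                syn[p.dst] += 1
                pending.add((p.src, p.dst))
            else:
                tcp_other[p.dst] += 1
                # A client ACK after its own SYN counts as a completed handshake.
                if "A" in p.flags and (p.src, p.dst) in pending:
                    pending.discard((p.src, p.dst))
                    completed[p.dst][p.src] += 1
    labels = defaultdict(set)
    for dst in set(syn) | set(icmp) | set(tcp_other):
        done = sum(completed[dst].values())
        # Spoofed-source SYN floods send SYNs that almost never complete.
        if syn[dst] / WINDOW >= SYN_PPS and done < 0.1 * syn[dst]:
            labels[dst].add("SYN flood")
        if icmp[dst] / WINDOW >= ICMP_PPS:
            labels[dst].add("ICMP flood")
        if tcp_other[dst] / WINDOW >= TCP_PPS:
            labels[dst].add("TCP flood")
        # Connection floods complete many handshakes from a single real source.
        if completed[dst] and max(completed[dst].values()) >= CON_PER_SRC:
            labels[dst].add("CON flood")
    return labels


def classify(pkts):
    """Bucket packets into WINDOW-sized windows and merge the labels per dst."""
    windows = defaultdict(list)
    for p in pkts:
        windows[int(p.ts // WINDOW)].append(p)
    verdict = defaultdict(set)
    for w in sorted(windows):
        for dst, labs in _window_labels(windows[w]).items():
            verdict[dst] |= labs
    return dict(verdict)


def build_sample():
    """Constructed traffic: one flood type per window plus a benign window."""
    pkts = []
    # window 0: 200 bare SYNs from spoofed sources, none completes
    for i in range(200):
        pkts.append(Pkt(0.0 + i * 0.004, f"10.{i // 256}.{i % 256}.7", "203.0.113.10", "tcp", "S"))
    # window 1: 80 ICMP packets from one host
    for i in range(80):
        pkts.append(Pkt(1.0 + i * 0.01, "198.51.100.7", "203.0.113.10", "icmp"))
    # window 2: one host completes 30 handshakes and holds them open
    for i in range(30):
        t = 2.0 + i * 0.02
        pkts.append(Pkt(t, "198.51.100.9", "203.0.113.11", "tcp", "S"))
        pkts.append(Pkt(t + 0.01, "198.51.100.9", "203.0.113.11", "tcp", "A"))
    # window 3: five ordinary connections from distinct clients (benign)
    for i in range(5):
        t = 3.0 + i * 0.1
        pkts.append(Pkt(t, f"192.0.2.{i + 1}", "203.0.113.12", "tcp", "S"))
        pkts.append(Pkt(t + 0.05, f"192.0.2.{i + 1}", "203.0.113.12", "tcp", "A"))
    # window 4: 150 ACKs from spoofed sources with no prior SYN
    for i in range(150):
        pkts.append(Pkt(4.0 + i * 0.005, f"10.9.{i % 256}.3", "203.0.113.13", "tcp", "A"))
    return pkts


if __name__ == "__main__":
    for dst, labs in sorted(classify(build_sample()).items()):
        print(dst, ", ".join(sorted(labs)))
```

The SYN rule keys on the completion ratio (bare SYNs that never get a client ACK, as expected from spoofed sources), the CON rule on many completed handshakes from a single source, and the TCP rule on non-SYN volume such as ACK floods. The thresholds are placeholders; in practice they have to be tuned against a baseline of the protected site's normal traffic, and the benign window in the sample shows why a handful of real connections must not trip any of them.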

Lastly, the Flusihoc DDoS botnet probably belongs to attackers based in China. This is consistent with the recent increase in DDoS attacks originating in China, and security researchers believe it is part of a financially motivated booter (DDoS-for-hire) service there.

Source: arbornetworks.com.

About the author

 - Virus researcher
I’m a virus researcher and my field of specialization involves, but is not limited to, newly developed ransomware variants. In my opinion, crypto-viruses are highly underestimated, and some Internet users have very few opportunities to learn about their symptoms before it is too late. Our goal here at 2-viruses.com is to make sure that crucial information about the most relevant malware samples is available to everyone.