Doubleguns Chinese Botnet Counts Millions Of Victims

Megiddo
Specialists managed to only partially disable the infrastructure of one of the largest Chinese botnets.

Qihoo 360 specialists have revealed details about one of the largest botnets in China, called DoubleGuns. The botnet targets only Chinese users and has millions of victims.

DoubleGuns is a trojan that infects Windows devices. The malware has been in use since July 2017, when researchers at Qihoo 360 first discovered an early version. Over the past three years the trojan has changed little. It still reaches devices through infected applications (mainly unlicensed games) distributed on Chinese sites (social networks and gaming forums).

The main task of the malware remains the same: installing MBR and VBR bootkits, as well as all kinds of malicious drivers, on the device, followed by theft of the credentials used to log in to local applications, especially Steam. In addition, it acts as a module for displaying ads and spam.

Older versions of DoubleGuns also intercepted traffic to legitimate e-commerce portals and redirected users to malicious copies of them. This functionality is missing from the latest versions of the trojan.

When the botnet reached a size that could no longer be ignored, Qihoo 360 specialists collaborated with colleagues from Baidu to take it down. On May 14 this year they carried out a joint operation to disable a number of elements of the botnet's infrastructure, most of which relied on the Tieba image hosting service owned by Baidu. However, the disruption is only temporary, as the rest of the botnet's infrastructure is still operating.