Level 30
Feb 4, 2016
Operating System
Windows 8.1

The operators of a gaming server rental business are believed to have built an IoT DDoS botnet, which they are now offering as part of the server rental scheme.

The prime and pretty obvious clue that ties this new IoT botnet — named JenX— with the gaming server rental service is the IoT's command-and-control server, located at

The botnet's C&C server is found on the same server and domain used by the gaming server rental business —San Calvicie (

Botnet most likely used for DDoS-for-hire feature
Researchers from cyber-security firm Radware, who discovered this new botnet, say JenX is likely the botnet that powers a DDoS function included in one of San Calvicie's rental offers —named "Corriente Divina."

For $16, users can rent a GTA San Andreas multiplayer modded server, for $9 they can rent a Teamspeak server, and for an additional $20 users can launch DDoS attacks of between 290 and 300 Gbps, according to the San Calvicie site.

The San Calvicie service claims the botnet can carry out Valve Source Engine Query and 32bytes DDoS floods. They also advertise a "Down OVH" option, suggesting their botnet is large enough to cause problems even for the world's largest ISP and VPS providers.
Not currently a threat
For now, Radware also points out the botnet is not a serious threat. "Unless you frequently play GTA San Andreas, you will probably not be directly impacted," Geenens said.

"The botnet is supposed to serve a specific purpose and be used to disrupt services from competing GTA SA multiplayer servers. I do not believe that this will be the botnet that will take down the internet," Geenens added.

"But it does contain some interesting new evolutions and it adds to a list of IoT botnets that is growing longer and faster every month! That said, there is nothing that stops one from using the cheap $20 per target service to perform 290Gbps attacks on business targets and even government related targets. I cannot believe the San Calvicie group would oppose to it."