One of 1st-known Android DDoS malware infects phones in 100 countries


Level 26
Content Creator
Feb 4, 2016
Windows 8.1
Last year, a series of record-setting attacks hitting sites including KrebsOnSecurity and a French Web host underscored a new threat that had previously gone overlooked: millions of Internet-connected digital video recorders and similar devices that could easily be wrangled into botnets that challenged the resources of even large security services.

Now, for one of the first times, researchers are reporting a new platform recently used to wage powerful denial-of-service attacks that were distributed among hundreds of thousands of poorly secured devices: Google's Android operating system for phones and tablets. The botnet was made up of some 300 apps available in the official Google Play market. Once installed, they surreptitiously conscripted devices into a malicious network that sent junk traffic to certain websites with the goal of causing them to go offline or become unresponsive.
By spreading the attacks among so many phones all over the world and hiding them inside common Web requests, the attackers made it hard for the companies that defend against DDoS attacks to initially figure out how they worked. The attacks bombarded targets with as many as 20,000 HTTP requests per second in an attempt to exhaust server resources.

A volume of 20,000 requests per second may not sound like a big attack, but, depending on where they are directed, they can be significant. By funneling them into a target's search page, for instance, the malicious requests can consume major amounts of computing power. Justin Paine, a researcher with one of seven security organizations that helped to neutralize WireX, said he and his colleagues believe the takedown came as the botnet was still in its infancy, as operators were in the process of increasing its firepower.