silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
An odd botnet has been spotted targeting Fiberhome routers, in a quest to add 200 of them per day to its botnet web.
That’s a low number in the world of botnets, according to 360 Netlab researchers, which observed a previously unknown malware strain called Gwmndy (after the attackers’ domain name) infecting the targets.
“Unlike the typical botnets which try their best to infect as many victims as they can, this one has pretty much stopped looking for new bots after its active daily bot number reaches the low 200s,” 360 Netlab researchers said in a blog post on Friday. “It seems that the author is satisfied with the number, which probably provides enough proxy service for whatever purpose he needs.”
Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections
After infecting Fiberhome routers, its sole purpose seems to be setting up SOCKS5 proxies.
threatpost.com
Last edited: