A Botnet called “Bondnet” compromised more than 15,000 machine including Thousands of Windows servers and control all its Activities Remotely and recent Discover stats that “Bondnet” Suspect for mine different cryptocurrencies.
Bondnet Botnet performance seems highly sophisticated and everyday more than 2000 Compromised Machines which equals to 12,000 cores reports to Bondnet Command & Control Server (C&C Server) and performing DDOS Attack.
This Botnet Attack victim machines by using different type of public exploits and installs a Windows Management Interface (WMI) Trojan communicates with a Command and Control (C&C) server under the name of Bond007.01 operation.
This Botnet Attack performing Mostly for Financial Motivation and earning thousands of $ each and every day According to Guardicore Report.
Bondnet Botnet Flow (Source :GuardiCore)
Compromised Windows Servers
According to GuardiCore Report Compromised Servers all are Windows Servers including “Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 ,Windows Server 2012 R2”
Researchers Said ,While most victims are used for mining, other victims are used to conduct attacks, serve up malware files or host the C&C servers. The attacker uses the compromised machines to expand the botnet attacking infrastructure, hiding these machines among legitimate servers.
Compromised Victims Strategy
Basic Indication of all these attacks using Visual basic files download and install cryptocurrency miner and a remote access trojan (RAT) .
GuardiCore Stats uncovered include known phpMyAdmin configuration bugs, exploits in JBoss, Oracle Web Application Testing Suite, ElasticSearch, MSSQL servers, Apache Tomcat, Oracle Weblogic and other common services.
“According to the Infection report, 500 new machines are added daily to the attacker’s network and around the same number of machines is delisted and Bondnet victims are distributed across 141 countries in 6 continents .”
Most of the Victims are used for mine different cryptocurrencies and serve up malware files or host the C&C servers.
By hiding these machines among legitimate servers the attacker uses the compromised machines to expand the botnet attacking infrastructure, hiding these machines among legitimate servers.