KT Connections Blog

KT Connections has been serving the Rapid City area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

100 Countries Hit By Android DDoS Malware

100 Countries Hit By Android DDoS Malware

In what is one of the first attacks of its kind, a botnet dubbed WireX swept across 100 countries, controlling over 120,000 IP addresses at its peak. The factor that made WireX so unique was the fact that the botnet was made up of Android-powered devices that had one of 300 malicious apps downloaded from the Google Play Store.

How It Works
WireX was designed to use HTTP requests to bombard their targets, directing as many as 20,000 requests to a target every second to use up the target’s server resources. This number of requests may not have been effective, if it weren’t for where WireX would direct its attack on the victim site. Rather than just sending 20,000 requests every second to the website as a whole, WireX would target specific pages that used more of the site’s resources. Search pages were frequently targeted for this reason.

Why Is WireX So Nasty?
There are a few factors that contribute to why WireX managed to cause such a big fuss, so quickly.

First off, although WireX is an Android-powered mobile botnet, the traffic it sends to the targeted website appears to be regular mobile browser traffic. This is a problem, because most experts who focus on defending companies from DDoS attacks utilize filters that help them to sort the malicious traffic out from the legitimate traffic. This is more difficult with WireX, as it includes its own fully-functioning browser that hides its information from the targeted system.

In addition to this, WireX also leverages SSL as a part of its attacks, which usually protects an Android user’s browser session. In this case, however, it only makes WireX more difficult to detect.

Defeating the DDoS
It ultimately took a team of experts from Cloudflare, Akamai, Flashpoint, Dyn, Google, Team Cymru and EiskIQ to stop WireX. The seven companies needed to pool their resources and data on WireX in order to identify it as a mobile-based attack, and then to identify the 300 malicious Google Play Store apps that delivered it. While these apps have not been named to the public, they were often media players, ringtones, or storage managers. Google has since blocked these apps from the Play Store, and has also removed them from the devices that were infected.

So, What Can You Do?
Your most effective defense against threats like WireX and other applications that sneak in malware is to simply not download applications that you don’t trust, as well as to educate employees on why they shouldn’t either. For more information on the latest threats and how you can protect yourself, call KT Connections at 605-341-3873.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, 21 October 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Privacy Email Business Computing Cloud Internet hackers malware Network Security Google software Efficiency Data Business Ransomware Backup User Tips Microsoft Smartphone Small Business Windows Hosted Solutions Productivity Mobile Device Management IT Support Network IT Support Managed IT Services Computer Android Cloud Computing Mobile Devices Facebook Hardware Data Management Operating System Business Continuity Windows 10 Money VoIP Alert Antivirus data breach End of Support Apple Phishing Bandwidth IT Management Microsoft Office communications Outlook Unified Communications Outsourced IT Social Media IT Services Internet of Things Gmail Data storage Passwords Upgrade BDR security cameras Business Management Disaster Recovery Encryption Saving Money Data Recovery SaaS Information Technology Drones Start Menu History Artificial Intelligence Politics Networking Events App Data Backup Big Data vulnerability The Internet of Things Innovation Word Event Marketing Apps Managed IT Services Law Enforcement Local Buzz BYOD Robot Smartphones South Dakota Windows 10 WiFi Automation YouTube Best Practice Hard Drive IoT Server security solutions Google Wallet Spam Communication Firewall Legal Customer Service Search Productivity IBM Google Maps Nextiva Scam cybersecurity Save Money Lunch and Learn Computer Care Trend Micro Document Management Displays Sarbanes-Oxley Act Knowledge HaaS Managed IT password manager LastPass AtomBombing tool Cryptocurrency Workplace Tips Conference Business Comunications Email Security Proactive IT Running Cable Press Release Chamber of Commerce Fast food Google Play Store End User Testing VPN Bluetooth appointment Tech Terms Quick Tips Uninterrupted Power Supply Vendor Mangement user confidence Cleaning Office Tips News Touchscreen Music Cabling Digital Hacking Safety Office 365 Access Control Data Protection Business Mangement Websites Webcam Penetration Testing Update Access botnet attack Government camera Writing Patch Management Microsoft Bookings Data Security Social Corporate Profile LastPass communication device Remote Computing Programming Software as a Service Phishing Scams Gadgets Black Market Worker Spyware botnet Rebrand Virtual Reality macbook Redundancy Education booking process Audit Cloud Backup Google Drive Experience Hack business owner Rapid City Virus File Sharing IT Consultation Web Servers Analytics DDoS attacks Applications Retail Project Management Memory Event Maintenance Virtual Machines Telephony Sports Local Technology Solid State Drive Physical Security communication solutions Wireless Technology IoT Devices Law IT Workers IT Assessment Business Growth Internet 101 Cache Tips and Tricks vulnerabilities DDoS Managed Service Provider LiFi identity theft Mixer Fortinet Network Congestion Risk Creep VoIP Sales Tax Virtualization security precautions Collaboration Society Deep Learning Lawyers Streaming Media Samsung IT Strategy Visible Light Communication Internet Connected Devices Dell ’s Sonicwall Global Management System Microsoft Office 365 Emergency media experience Vendors Business Security IT for Oil Companies Remote Monitoring Windows 8 Office Laptop IT Solutions Windows XP Tablets Administration Business Technology Website Communications How To Password Microsoft Office 365 features information Community Involvement Printing Google Docs Risk Management Time Management Compliance face Tech Support Vendor Management Tablet Attorneys Disaster Advertising Phone System Flash Download Kaseya Unified Threat Management Browser enterprise productivity software surveillance cameras Printer Monitors SOX Managed Services Virtual Desktop Hosted Solution Hardware as a Service Content Filtering Settings healthcare Kaseya Connect Information Security scammers Text Messaging PDF Twitter IT Consultant Scalability network security professionals Computing Distributed Denial of Service scams G Suite Training Travel Playbook Language Processors Computer Malfunction Employer-Employee Relationship Sync Employer Employee Relationship Messenger Private Cloud breach methods Miscellaneous Microchip Digital Payment In Internet of Things Books Budget Taxes Motion Sickness Public Cloud Telephone Systems Reading Machine Learning Paperless Office Hiring/Firing Users Health Bring Your Own Device Administrator Banking Relocation Hacker 3D Printing base infrastructure CCTV Cost Management Hacks Phone Systen Automobile Holiday security solution IT service Web Server Unified Threat Management Work/Life Balance Notifications Meetings Social Engineering Business Metrics Mobility end-of-support date Ordinary Computers CrashOverride Marketing holiday season Emails Wi-Fi Rental Service collaboration capabilities Chromebook Downloads UTM Tracking Flexibility quantum computers holidays Supercomputer Documents Cortana Threat management Reliable Computing