KT Connections Blog

KT Connections has been serving the Rapid City area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

100 Countries Hit By Android DDoS Malware

100 Countries Hit By Android DDoS Malware

In what is one of the first attacks of its kind, a botnet dubbed WireX swept across 100 countries, controlling over 120,000 IP addresses at its peak. The factor that made WireX so unique was the fact that the botnet was made up of Android-powered devices that had one of 300 malicious apps downloaded from the Google Play Store.

How It Works
WireX was designed to use HTTP requests to bombard their targets, directing as many as 20,000 requests to a target every second to use up the target’s server resources. This number of requests may not have been effective, if it weren’t for where WireX would direct its attack on the victim site. Rather than just sending 20,000 requests every second to the website as a whole, WireX would target specific pages that used more of the site’s resources. Search pages were frequently targeted for this reason.

Why Is WireX So Nasty?
There are a few factors that contribute to why WireX managed to cause such a big fuss, so quickly.

First off, although WireX is an Android-powered mobile botnet, the traffic it sends to the targeted website appears to be regular mobile browser traffic. This is a problem, because most experts who focus on defending companies from DDoS attacks utilize filters that help them to sort the malicious traffic out from the legitimate traffic. This is more difficult with WireX, as it includes its own fully-functioning browser that hides its information from the targeted system.

In addition to this, WireX also leverages SSL as a part of its attacks, which usually protects an Android user’s browser session. In this case, however, it only makes WireX more difficult to detect.

Defeating the DDoS
It ultimately took a team of experts from Cloudflare, Akamai, Flashpoint, Dyn, Google, Team Cymru and EiskIQ to stop WireX. The seven companies needed to pool their resources and data on WireX in order to identify it as a mobile-based attack, and then to identify the 300 malicious Google Play Store apps that delivered it. While these apps have not been named to the public, they were often media players, ringtones, or storage managers. Google has since blocked these apps from the Play Store, and has also removed them from the devices that were infected.

So, What Can You Do?
Your most effective defense against threats like WireX and other applications that sneak in malware is to simply not download applications that you don’t trust, as well as to educate employees on why they shouldn’t either. For more information on the latest threats and how you can protect yourself, call KT Connections at 605-341-3873.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 16 December 2017
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices hackers Technology Email Privacy Business Computing Cloud Internet malware Network Security Google software Business Ransomware Efficiency User Tips Data Backup IT Support Microsoft Computer Facebook Hardware Productivity IT Support Network Smartphone Small Business Windows Hosted Solutions Mobile Device Management Managed IT Services Gmail cybersecurity VoIP Android Money Microsoft Office Artificial Intelligence IT Management Phishing communications Data Management Business Continuity Mobile Devices Operating System Cloud Computing Antivirus Smartphones Alert Outlook Update Bandwidth IT Services Outsourced IT Data storage Windows 10 Unified Communications Upgrade Social Media Internet of Things security cameras Disaster Recovery Business Management Passwords Communication BDR Nextiva Windows 10 data breach End of Support Apple Encryption Saving Money Managed IT Services Document Management Law Enforcement SaaS Robot Information Technology News Data Backup Events Access Control Word Patch Management Event Marketing Networking Local Buzz Automation Big Data The Internet of Things Apps South Dakota Cost Management Project Management BYOD Analytics Gadgets Hard Drive security solutions Google Wallet Collaboration Google Docs WiFi IoT Legal Firewall YouTube Server Best Practice Remote Monitoring Productivity Customer Service Search IBM Drones Spam Google Maps History Scam Lunch and Learn Politics Data Recovery Browser vulnerability Start Menu Innovation App Save Money Office 365 Webcam LastPass Uninterrupted Power Supply Tech Terms Vendor Mangement Touchscreen botnet attack Comparison communication device camera Virtual Reality Cabling Cryptocurrency Microsoft Bookings Digital Black Market Budget Data Protection Remote Computing Business Mangement Websites Penetration Testing botnet Specifications business owner macbook Retail Cleaning booking process Access Hack Corporate Profile Data Security Memory Hacking Software as a Service Phishing Scams DDoS attacks Programming Television communication solutions vulnerabilities Worker Redundancy Event Rebrand Spyware Business Growth Virtualization Solid State Drive Cloud Backup Audit identity theft Google Drive Network Congestion File Sharing Virus Deep Learning Social IT Consultation Rapid City Mouse DDoS Dell ’s Sonicwall Global Management System security precautions Web Servers Microsoft Office 365 Mixer Applications Virtual Machines Maintenance media experience Local Technology Telephony Education Workers Law IT Office Physical Security IT Assessment Experience IoT Devices SharePoint Password Internet 101 Managed Service Provider Microsoft Office 365 features Vendors Tips and Tricks Cache Risk Creep Fortinet information Sales Tax VoIP Social Engineering Samsung Lawyers Vendor Management IT Strategy Sports How To IT Security Emergency Wireless Technology Community Involvement Internet Connected Devices IT for Oil Companies Business Security Flash face LiFi Tablets IT Solutions Monitors Administration Laptop Freedom of Information enterprise productivity software Business Technology Society Download Communications Hosted Solution Streaming Media Risk Management Printing Settings surveillance cameras Mobility Time Management Visible Light Communication Attorneys Displays Content Filtering Tablet Fake News password manager LastPass Disaster Windows 8 healthcare Phone System Windows XP Kaseya Downloads Trend Micro Unified Threat Management Workplace Tips Website AtomBombing Managed Services Proactive IT Compliance Managed IT SOX Microsoft Excel Fast food Distributed Denial of Service user confidence Bluetooth Tech Support tool Hardware as a Service Quick Tips Advertising Kaseya Connect Google Calendar Google Play Store Information Security Office Tips appointment Computer Care Music Sarbanes-Oxley Act Knowledge Safety Printer HaaS Virtual Desktop Conference Business Communications Email Security Business Comunications Government Running Cable VPN Writing Chamber of Commerce Press Release End User Testing Private Cloud Microchip Training Playbook Books In Internet of Things Motion Sickness Telephone Systems Employer Employee Relationship breach methods Digital Payment Health Reading Banking Machine Learning Hiring/Firing Taxes Bring Your Own Device Public Cloud Relocation 3D Printing Administrator Hacker Paperless Office base infrastructure Hacks Holiday Automobile Work/Life Balance security solution Users Unified Threat Management Notifications Business Metrics CCTV Wi-Fi end-of-support date collaboration capabilities Phone Systen Web Server holiday season IT service Rental Service Chromebook UTM Flexibility Documents Meetings Ordinary Computers holidays Cortana Emails CrashOverride Text Messaging Threat management Reliable Computing PDF quantum computers scammers Computing Tracking Twitter Scalability Supercomputer Marketing scams Language G Suite Computer Malfunction Travel Processors IT Consultant network security professionals Employer-Employee Relationship Miscellaneous Messenger Sync