Syntax errors are the doom of us all, including botnet authors
Enlarge / If you're going to come at port 443, you best not miss (or forget to put a space between URL and port). (credit: Getty Images)
KmsdBot, a cryptomining botnet that could also be used for denial-of-service (DDOS) attacks, broke into systems through weak secure shell credentials. It could remotely control a system, it was hard to reverse-engineer, didn't stay persistent, and could target multiple architectures. KmsdBot was a complex malware with no easy fix.
That was the case until researchers at Akamai Security Research witnessed a novel solution: forgetting to put a space between an IP address and a port in a command. And it came from whoever was controlling the botnet.
With no error-checking built in, sending KmsdBot a malformed command-like its controllers did one day while Akamai was watching-created a panic crash with an "index out of range" error. Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions. It is, as Akamai notes, "a nice story" and "a strong example of the fickle nature of technology."