Syntax Errors Are the Doom of Us All, Including Botnet Authors

An anonymous reader shares a report: KmsdBot, a cryptomining botnet that could also be used for denial-of-service (DDOS) attacks, broke into systems through weak secure shell credentials. It could remotely control a system, it was hard to reverse-engineer, didn't stay persistent, and could target multiple architectures. KmsdBot was a complex malware with no easy fix. That was the case until researchers at Akamai Security Research witnessed a novel solution: forgetting to put a space between an IP address and a port in a command. And it came from whoever was controlling the botnet. With no error-checking built in, sending KmsdBot a malformed command -- like its controllers did one day while Akamai was watching -- created a panic crash with an "index out of range" error. Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions. It is, as Akamai notes, "a nice story" and "a strong example of the fickle nature of technology." KmsdBot is an intriguing modern malware. It's written in Golang, partly because Golang is difficult to reverse-engineer. When Akamai's honeypot caught the malware, it defaulted to targeting a company that created private Grand Theft Auto Online servers. It has a cryptomining ability, though it was latent while the DDOS activity was running. At times, it wanted to attack other security companies or luxury car brands.

Read more of this story at Slashdot.