GorillaBot Unleashed: The Beastly Botnet That's Rampaging Across the Internet

Posted: Tue Oct 08, 2024 9:33 am
by Mightykibu
Picture this: your servers are quietly humming along, business as usual. But somewhere, in the dark corners of the digital jungle, a new menace is lurking, ready to pounce. Enter *GorillaBot*—a beastly new malware family that has already taken a massive bite out of the internet’s defenses.

Discovered by cybersecurity experts at NSFOCUS, this virtual King Kong isn’t just another botnet—it’s a juggernaut born from the notorious *Mirai* botnet’s leaked source code. Between September 4 and September 27, 2024, GorillaBot unleashed over **300,000** attack commands, targeting a laundry list of victims across more than **100 countries**. Think you’re safe? Think again. This digital behemoth is chewing through universities, government websites, banks, telecoms, and even gaming and gambling sites like they’re nothing more than leaves in the wind.

With a staggering **20,000 DDoS attacks** issued per day, GorillaBot has put countries like China, the U.S., Canada, and Germany in the crosshairs. If you’re in one of these places, you might want to check your network logs... or maybe just run.

The Monkey Business of Attacks

GorillaBot has quite the arsenal, launching sophisticated Distributed Denial-of-Service (DDoS) attacks using tactics like UDP flood, ACK BYPASS flood, SYN flood, and even the Valve Source Engine (VSE) flood—yes, Gorilla's getting nerdy. And thanks to the nature of the UDP protocol, this malicious primate can spoof IPs, making it a nightmare to trace. It’s like a shadow boxing match, and your server’s the punching bag.

But don’t expect this botnet to discriminate—it supports multiple CPU architectures, from ARM to x86_64, meaning it's more than happy to terrorize anything it can get its claws on. And with five command-and-control (C2) servers at its disposal, it’s always ready for action, like a cyber version of a Gorilla on steroids waiting for its next meal.

GorillaBot’s Wild Trick: Hacking Hadoop

Just when you think the chaos couldn’t get worse, GorillaBot pulls a sneaky move—it comes equipped with a vulnerability exploit that targets *Apache Hadoop YARN RPC*, allowing it to achieve remote code execution. This flaw’s been around since 2021, but GorillaBot’s just getting started with it, much to the horror of anyone relying on Hadoop. Talk about a blast from the past, only this time with a botnet-sized fist smashing through your defenses.

Clingy, Persistent, and Ready to Wreak Havoc

Once this digital primate latches onto a system, it’s not letting go anytime soon. GorillaBot ensures its persistence by creating a sneaky service file called *custom.service* in the `/etc/systemd/system/` directory, making sure it runs every time your system starts up. It’s like finding a gorilla in your living room that refuses to leave.

But wait, there’s more! The malware also drops commands in files like `/etc/inittab` and `/boot/bootcmd`, ensuring it downloads and runs a malicious shell script called *lol.sh* every time the system boots or a user logs in. Yep, every single time. It's like a bad prank that keeps coming back to haunt you.

So, What’s Next?  

NSFOCUS reports that this monster of a botnet also uses encryption techniques to hide its activities, thanks to some tricks borrowed from the notorious *Keksec group*. This, combined with a terrifyingly high level of counter-detection awareness, makes GorillaBot a force to be reckoned with. It’s a digital gorilla with a brain, and it’s using every tool at its disposal to stay hidden while it stomps through the internet jungle.

One security researcher, who goes by *Fox_threatintel* on X, confirmed that GorillaBot isn’t entirely new—it’s been active for over a year, slowly building its empire in the shadows. And now, it’s more dangerous than ever.

So, while your system might seem quiet, just remember: somewhere in the digital underbrush, GorillaBot is lurking. You might not see it coming, but when it hits, you’ll know. And by then, it might already be too late.
If you think your system’s safe from this botnet beast, click the link below for more details—but don’t say we didn’t warn you. Stay safe, and keep your firewalls stronger than Gorilla fists.
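
The persistence artifacts named in the post above, turned into a triage check. This is an added example, not part of the original thread or of NSFOCUS's tooling; the function names, the ROOT argument and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: look for the persistence artifacts the post names.
# ROOT lets you scan a mounted disk image instead of the live host.

# scan_root ROOT -> prints one line per finding; returns 1 if anything was found.
scan_root() {
    sr_root="${1:-/}"; sr_root="${sr_root%/}"
    sr_hits=0

    # 1. Unit file named in the post. "custom.service" is a generic name, so
    #    its presence is a lead to review, not proof of infection.
    sr_unit="$sr_root/etc/systemd/system/custom.service"
    if [ -e "$sr_unit" ]; then
        echo "REVIEW unit: $sr_unit"
        grep -E '^Exec' "$sr_unit" 2>/dev/null | sed 's/^/    /'
        sr_hits=$((sr_hits + 1))
    fi

    # 2. Boot/login files named in the post (and the unit itself) that
    #    reference the lol.sh script.
    for sr_rel in etc/inittab boot/bootcmd etc/systemd/system/custom.service; do
        sr_path="$sr_root/$sr_rel"
        [ -f "$sr_path" ] || continue
        if grep -q 'lol\.sh' "$sr_path"; then
            echo "lol.sh referenced in: $sr_path"
            grep -n 'lol\.sh' "$sr_path" | sed 's/^/    /'
            sr_hits=$((sr_hits + 1))
        fi
    done

    [ "$sr_hits" -eq 0 ]
}

# make_sample_tree DIR -> builds a CONSTRUCTED tree for trying the scan offline.
# The file contents are invented for the demo, not taken from a real sample.
make_sample_tree() {
    mkdir -p "$1/etc/systemd/system" "$1/boot"
    printf '[Service]\nExecStart=/bin/sh /tmp/lol.sh\n' \
        > "$1/etc/systemd/system/custom.service"
    printf '::respawn:/bin/sh /tmp/lol.sh\n' > "$1/etc/inittab"
}
```

Run `scan_root /` on a live host, or pass the mount point of a disk image taken during incident response.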

Re: GorillaBot Unleashed: The Beastly Botnet That's Rampaging Across the Internet

Posted: Tue Oct 08, 2024 11:29 am
by RD.•°
Great 👍 

Re: GorillaBot Unleashed: The Beastly Botnet That's Rampaging Across the Internet

Posted: Tue Oct 08, 2024 12:24 pm
by sarthhkk
Nice

Re: GorillaBot Unleashed: The Beastly Botnet That's Rampaging Across the Internet

Posted: Tue Oct 08, 2024 4:54 pm
by Syed_Nabi23
Thank you for your thread