They’ve done nothing wrong as such, and even if they shut down the accounts that are communicating with the botnet there would be nothing to stop the hackers behind the campaign creating new accounts or using an alternative service (Twitter, perhaps?) to communicate with the compromised computers.Īnd it’s important to stress that Reddit isn’t spreading the infection – it’s simply providing a platform that is helping the botmasters communicate with the Mac computers they have managed to infect.ĭr Web’s research team claim that the country hit hardest by the botnet is the United States, followed by Canada and the United Kingdom. This isn’t really Reddit’s fault of course. The search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd. It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at, and - as a search query - specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. It sends a request to a remote site to acquire a list of control servers, and then connects to the remote servers and waits for instructions. Then opens a port on an infected computer and awaits an incoming connection. Fascinatingly, compromised computers receive commands from servers under the control of botmasters, using information posted in messages on Reddit as a navigational aid:
0 kommentar(er)
