The botnet IPStorm, consisting of over 9000 hacked devices, is now offered as a completely open anonymization service. Bitdefender's experts provide detailed insights into the inner workings of the botnet.
Since its discovery in June 2019, Bitdefender security researchers have been monitoring the development cycle of the Interplanetary Storm botnet, which consists of more than 9000 hacked devices. IPStorm has a complex, modular infrastructure, and its operators are proficient in development best practices and well versed in hiding management nodes. The botnet is constantly updated and has been used as a paid anonymization service for some time now. In its new iteration, IPStorm spreads through attacks on Unix-based systems (Linux, Android and Darwin) running Internet-facing SSH servers with weak credentials or unsecured ADB servers.
Subscription-based model
The service is not offered on the darknet, but as a subscription via a website on the normally accessible Internet. Depending on the number of TCP connections a customer wants, the group charges between $74 and $259. A premium package for $499 can also be booked. The bots serve as proxies via a P2P network, which customers use to hide their criminal activities.
Whitepaper reveals details about IPStorm
Bitdefender describes the inner workings of IPStorm in a detailed whitepaper (PDF). It provides a comprehensive technical analysis of the binary files, which are written in Golang (the "Go" programming language), along with an overview of the protocol internals and some information on attribution.
The main findings of the whitepaper
- IPStorm is currently likely being offered as an anonymous proxy network
- It is designed to use compromised devices as proxies
- The botnet mapping shows global presence
- It is rented on a subscription basis with a multi-tier pricing model
- More than 100 code revisions to date