Slashdot Mirror


Researchers Tracking Emerging 'Darkness' Botnet

Trailrunner7 writes "Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and of this writing is up to version 7. There also appear to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'"

14 of 85 comments

  1. Charlie Murphy virus? by MrEricSir · · Score: 4, Funny

    "AAAAAH! It's a celebration, bitches!"

    --
    There's no -1 for "I don't get it."
  2. Slightly related question by afaik_ianal · · Score: 2

    Slightly related question: how on Earth would one pay for use of a botnet like this?

    It's not like you're going to hand your credit card details over to someone like this, right?

    1. Re:Slightly related question by machxor · · Score: 4, Insightful

      My assumption is that someone needing a service like this would use *YOUR* credit card details to pay for it ;-)

    2. Re:Slightly related question by afaik_ianal · · Score: 3, Informative

      Ahh, I've answered my own question by re-reading TFA. They accept payment by WebMoney.

      To those that answered "they use stolen credit cards", seriously, just think that through. Just because they're criminals, does not mean they're stupid. That they're not getting caught suggests they're not *that* stupid.

    3. Re:Slightly related question by windcask · · Score: 2

      That's why you use a different credit card every month. You might get a rejection every once in a while, but the only people who will notice the charge are those that don't use their cards very often in the first place.

    4. Re:Slightly related question by Charliemopps · · Score: 2

      Go to Walmart. You can pick up a credit card in the checkout that you can load with cash right there. No name, no address to trace back to you.

  3. Version Numbers by multipartmixed · · Score: 2, Funny

    > It is regularly updated and improved and of this writing is up to version 7

    That's nothing -- I heard this one goes up to 11!

    --

    Do daemons dream of electric sleep()?
  4. Slashvertising botnets now? by billcopc · · Score: 3

    Are we really slashvertising botnets now? "up to version 7"... I mean come on, who actually gives a shit? Botnets exist, and they tend to be based in Russia, which is why I think someone should do the world a solid and drive a backhoe across eastern Europe.

    --
    -Billco, Fnarg.com
    1. Re:Slashvertising botnets now? by c6gunner · · Score: 2

      > Botnets exist, and they tend to be based in Russia, which is why I think someone should do the world a solid and drive a backhoe across eastern Europe.

      That's a quick way to fame, anyway. You'd always be remembered as the first man to wear an ICBM as a suppository.

  5. Re:Peer-to-peer by Plekto · · Score: 3, Interesting

    The real question is why these "researchers" aren't actively poisoning the wells as it were to disrupt the botnets. It's like watching some nature show where they sit passively while the huge coyote mauls the little pet. At some point you would think that they would try to do something.

    Of course, there is a simpler method open to authorities, which is to just not accept connections from Russia. If need be, just cut the wire until the local government hunts these criminals down.

  6. Re:Peer-to-peer by blair1q · · Score: 2

    Decentralized control makes it easier to hijack the whole thing.

  7. Re:Peer-to-peer by KublaiKhan · · Score: 4, Insightful

    Because there are ethical considerations involved.

    Standard research ethics forbids the researchers from interfering with what is being researched. Part of this is to ensure the safety of the researchers: when the coyote's eating the yorkie, there's a very real danger of the researcher getting bitten by a rabid coyote. Likewise, if the researchers take over a botnet, there's a very real danger that their activities could be traced and the Russian Mafia comes and pays them a visit.

    The other part is that the conclusions that they could draw may not be as valid (or completely invalid) if they have interfered. Certainly no respectable peer-reviewed journal would accept the research if it's been tainted like that.

    Also, there's a lot more to be learned by watching it evolve naturally; the researchers may require some time to catch the full context of the setup, whereas if they interfered right away they could lose sight of certain management techniques or whatnot that would otherwise help in the botnets' defeat.

    Finally, the action you propose is actively illegal. Just because it's a crime against another criminal doesn't mean they can't be prosecuted for it.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
  8. Just some Mountain Dew, Cheetos, and... by Captain+Spam · · Score: 2

    > Researchers Tracking Emerging 'Darkness' Botnet

    Pssht, easy. Just cast magic missile at it. That's a proven method of attacking the darkness.

    --
    Demanding constant attention will only lead to attention.
  9. Re:Peer-to-peer by KiloByte · · Score: 2

    The line in WikiLeaks cables that the Russian government is Mafia-driven is quite an understatement.

    The authorities there know damn well who's herding botnets, but taking them down would be like taking another department of your own company.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.