During the past few weeks, me and Joรฃo Gouveia of AnubisNetworks have spent many an evening hunting a botnet that Joรฃo had discovered and subsequently called ‘UnknownDGA17’.
I think ‘hunting’ is the right term here, because we based our research on information from AnubisNetworks’ Cyberfeed, in particular hundreds of thousands of connections the botnet made to a sinkhole, rather than on actual malware samples. In the end, we were able to find so many links with ‘Mevade’, a botnet (in)famous for using the Tor network for C&C communication, that we can be certain the botnets are closely linked, if not the same. We also found that Mevade is heavily involved in bitcoin mining.
The full story is here.
Categories