13:31 Botnets are participating in the "slowbruteforce ' have become smarter | |
Around the beginning of November, security experts noticed an unusual behavior of botnets. They started to coordinate efforts to slow the sorting of logins and passwords to various hosts. Experts call it the "slow bruteforce", because the speed of brute force is extremely small (need to enumerate all combinations of all possible passwords for logins in the dictionary) - this process will take several years. But due to the huge number of vehicles involved in the attack, it still gradually moving - every day, hackers get a "catch." Requests go to different IP (see logs). Apparently coordinated attack from a common center (the bots have a common vocabulary for sorting options). So far botnets have sifted through more than half of the dictionary and came to the letter "o". Where will it end and who is behind the strange activity - not yet entirely clear. It is also unclear why the attackers did not touch the car under OpenBSD. One thing is clear: the recent botnet activity has changed. Fewer attempts to guessing the password for each login from 10-15 to 1-4. Experts believe that the reason for this could be the reallocation of resources in the botnet. Bots dynamically switch from the more complex goals into simpler and reallocate resources. Search the Internet about the slow bruteforce shows that the first signs were seen in May 2008. Analyze an unknown enemy can only be if you combine logs from different services, for which there is activity of these bots. | |
|
Total comments: 0 | |