
LeetHozer Botnet

By GoldSparrow in Botnets

The infamous botnet known as Mirai has inspired many cyber crooks to create their own networks of hijacked gadgets that can be used for all sorts of nefarious purposes. One of the latest projects that includes various modules from the Mirai Botnet has been dubbed the LeetHozer Botnet. Just like most botnets, the LeetHozer Botnet appears to serve the purpose of launching DDoS (Distributed Denial-of-Service) attacks against targeted systems.

To locate vulnerable targets, the operators of the LeetHozer Botnet run a scan for freely accessible ‘telnetd’ services. Next, the attackers attempt to log in to the services in question by using default login credentials. If the attackers manage to compromise the targeted system, they inject the payload of the LeetHozer Botnet. Once the infection is complete, the newly compromised system is added to the list of LeetHozer Botnet members. This means that the operators of the LeetHozer Botnet can control the newly infected system via their C&C (Command & Control) server.

The infection vector that the LeetHozer Botnet relies on is very basic, which means that only a small number of systems are likely to be vulnerable to its attacks. This is one of the main reasons why the botnet is so small for now. According to malware experts, the LeetHozer Botnet also does not seem to be a very high-end project, and it is unlikely that we will see any major updates in the future.
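The telnet login guessing described above leaves a recognizable trace in login logs: one source failing against several different account names in quick succession, sometimes followed by a success. The Python below is an added example, not code from the original article or from any LeetHozer analysis; the log line format, the sample lines, the thresholds and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real telnetd format.
SAMPLE_LOG = """\
2024-01-15T10:00:01 telnetd src=203.0.113.7 user=root result=fail
2024-01-15T10:00:03 telnetd src=203.0.113.7 user=admin result=fail
2024-01-15T10:00:05 telnetd src=203.0.113.7 user=guest result=fail
2024-01-15T10:00:08 telnetd src=203.0.113.7 user=support result=ok
2024-01-15T10:02:00 telnetd src=198.51.100.20 user=root result=fail
2024-01-15T10:02:02 telnetd src=198.51.100.20 user=admin result=fail
2024-01-15T10:02:04 telnetd src=198.51.100.20 user=user result=fail
2024-01-15T11:00:00 telnetd src=192.0.2.10 user=operator result=fail
2024-01-15T11:00:20 telnetd src=192.0.2.10 user=operator result=ok
"""

LINE = re.compile(r"^(\S+) telnetd src=(\S+) user=(\S+) result=(ok|fail)$")

def parse(log_text):
    """Return (time, source, user, result) tuples in time order, skipping unparsable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def detect(log_text, window=timedelta(seconds=60), min_users=3):
    """Flag sources that fail logins for >= min_users distinct accounts within window.
    'logged_in_as' is set when a flagged source later logs in: treat that device as compromised."""
    fails = defaultdict(list)  # source -> recent (time, user) failures
    findings = {}
    for ts, src, user, result in parse(log_text):
        recent = [(t, u) for t, u in fails[src] if ts - t <= window]
        if result == "fail":
            recent.append((ts, user))
            if len({u for _, u in recent}) >= min_users:
                findings.setdefault(src, {"logged_in_as": None})
        elif src in findings and findings[src]["logged_in_as"] is None:
            findings[src]["logged_in_as"] = user
        fails[src] = recent
    return findings

if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, "guessed credentials; logged in as:", info["logged_in_as"])
```

A single mistyped password followed by a successful login, as with the third source in the sample, is not flagged; adapt the regular expression to whatever your devices actually log.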

Moobot Moves In

Moobot itself has been used in a range of attacks since it was first discovered in September 2019. One of the more notable attacks occurred in March 2020, when the Network Research Lab at 360 discovered threat groups exploiting zero-day vulnerabilities in LILIN DVR devices. The vulnerability was used to distribute malware. Researchers found Moobot once again abusing zero-day flaws just a month later in attacks on fiber routers.

How to Protect a PC Against the LeetHozer Botnet

It’s up to the security professionals at organizations to protect against DDoS attacks, including attacks from the LeetHozer botnet. The best place to start is with an incident response plan. Create a strategy to ensure that the backup servers kick in as soon as an attack hits the network, to prevent downtime as much as possible. There are also plenty of artificial intelligence solutions that help to predict attacks, determine when one is happening, and respond appropriately.

Get Rid of the Trojan Network

The best way that you can protect against an attack is to be prepared for it. Most of the defense against botnets and Trojans comes in the form of prevention techniques. Malware researchers haven’t seen the LeetHozer botnet on anything other than Linux devices so far, so Linux owners should be especially vigilant about installing security patches and keeping software vulnerabilities from getting their computer infected. Be sure to choose strong, unique passwords to prevent intrusion through telnetd and other remote admin services that use default passwords.

Companies that fall victim to DDoS attacks need to have a response plan in place and ready to go. The response plan includes procedures to ensure everyone is on the same page and knows how to respond. Network security tools, such as virtual private networks and spam blockers, offer good protection against DDoS attacks. It’s also a good idea to invest in cloud-based assets and server redundancy. Server redundancy basically means that even if one or two servers are taken out, it won’t affect performance as a whole.

While people using compromised devices generally aren’t at direct risk of a DDoS attack, they should still attempt to remove the infection as quickly as possible. There are a number of great anti-malware tools that work on Linux and are able to remove LeetHozer and restore default network settings.

Nothing New

The idea of a "hybridized" botnet like this is nothing new to security researchers. There are other botnets, such as Persirai and Fbot, that also show signs of taking the Mirai botnet and adding a little something special to it. The botnets themselves aren’t too complex, but they do expose a clear laziness in password choice. If your computer is being affected because you have default and easy-to-guess passwords, then that’s a sign that you need to create new and unique passwords. Take steps to prevent your computer from becoming part of a botnet.

Despite the fact that the LeetHozer Botnet may not be a very elaborate operation, it is still fully capable of compromising targeted systems and using their hardware and software to carry out its nefarious campaigns. Make sure you protect your computer by installing a genuine anti-spyware suite and do not forget to update all your applications regularly.

