Contact us today!
(518) 203-2110

Evolve IT

Evolve IT has been serving the Saratoga Springs area since 1995, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

100 Countries Hit By Android DDoS Malware

Evolve IT Blog Alerts
0 Comments
100 Countries Hit By Android DDoS Malware

In what is one of the first attacks of its kind, a botnet dubbed WireX swept across 100 countries, controlling over 120,000 IP addresses at its peak. The factor that made WireX so unique was the fact that the botnet was made up of Android-powered devices that had one of 300 malicious apps downloaded from the Google Play Store.

How It Works
WireX was designed to use HTTP requests to bombard their targets, directing as many as 20,000 requests to a target every second to use up the target’s server resources. This number of requests may not have been effective, if it weren’t for where WireX would direct its attack on the victim site. Rather than just sending 20,000 requests every second to the website as a whole, WireX would target specific pages that used more of the site’s resources. Search pages were frequently targeted for this reason.

Why Is WireX So Nasty?
There are a few factors that contribute to why WireX managed to cause such a big fuss, so quickly.

First off, although WireX is an Android-powered mobile botnet, the traffic it sends to the targeted website appears to be regular mobile browser traffic. This is a problem, because most experts who focus on defending companies from DDoS attacks utilize filters that help them to sort the malicious traffic out from the legitimate traffic. This is more difficult with WireX, as it includes its own fully-functioning browser that hides its information from the targeted system.

In addition to this, WireX also leverages SSL as a part of its attacks, which usually protects an Android user’s browser session. In this case, however, it only makes WireX more difficult to detect.

Defeating the DDoS
It ultimately took a team of experts from Cloudflare, Akamai, Flashpoint, Dyn, Google, Team Cymru and EiskIQ to stop WireX. The seven companies needed to pool their resources and data on WireX in order to identify it as a mobile-based attack, and then to identify the 300 malicious Google Play Store apps that delivered it. While these apps have not been named to the public, they were often media players, ringtones, or storage managers. Google has since blocked these apps from the Play Store, and has also removed them from the devices that were infected.

So, What Can You Do?
Your most effective defense against threats like WireX and other applications that sneak in malware is to simply not download applications that you don’t trust, as well as to educate employees on why they shouldn’t either. For more information on the latest threats and how you can protect yourself, call Evolve IT at (518) 203-2110.

Tweet

Comments

 
No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 22 January 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Categories

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up!

Free Consultation
 

Tag Cloud

Tip of the Week Security Technology Internet Best Practices Cloud Hackers Privacy Email Productivity Malware Business Software Business Computing User Tips Upgrade Efficiency Computer Workplace Tips Google Hosted Solutions Microsoft Windows 10 IT Support Mobile Devices Innovation Smartphone Hardware Network Security Ransomware Gmail The Internet of Things Social Media Bandwidth Microsoft Office Office Backup Apps Business Continuity Disaster Recovery Communication Hacking WiFi Facebook Operating System Safety Smartphones Unified Threat Management Best Practice Quick Tips Alert Networking Data storage Data Windows Firewall Experience Content Filtering Cybercrime Website Money Mobile Device Management Network Managed Service Provider Employer-Employee Relationship Outlook History Two-factor Authentication Small Business Phishing App Wireless Technology Android Apple Mobile Computing Big Data communications Encryption Social Networking Document Management Law Enforcement SaaS Public Speaking VoIP IP Address Virtualization Retail Cortana Proactive IT Network Congestion Government Save Money Augmented Reality Keyboard Music Search Managed IT services User Hard Drives Laptop Shortcut Cryptocurrency Remote Computing DDoS Bluetooth IBM Google Docs Education Heating/Cooling Word Holiday Cleaning Automation Black Market Memory YouTube Processors Office Tips LiFi Staffing Business Management Downtime BYOD Deep Learning Passwords BDR Streaming Media Competition Help Desk Micrsooft Visible Light Communication Presentation Disaster Entrepreneur Domains Vendor Management Business Growth Data Management Robot Advertising Hacker Recovery Sports Society Monitors Google Wallet Spam Application Information Technology Customer Service Running Cable Internet of Things Windows 8 Displays Hosted Solution Windows XP IT Services Artificial Intelligence Documents Router Compliance Tech Support Office 365 End of Support Drones Saving Money Social Analytics Browser intranet Printer Lithium-ion battery Writing Virtual Desktop Wireless Unified Communications Securty
QR-Code