Unless you’re an IT Security Professional, you may never have heard of EnemyBot. It is a bit like the Frankenstein of malware threats, a botnet that has borrowed code from multiple different sources.
While that’s not terribly original, it does make it dangerous. The hackers behind the code are actively adding new exploits as newly disclosed critical vulnerabilities come to light in content management systems, IoT devices, Android devices, and web servers.
The botnet was first seen in action in March and is currently being tracked by researchers at Securonix. By April, newer code samples were acquired, and the researchers found that EnemyBot had already integrated capabilities to attack flaws in more than a dozen processor architectures.
The botnet doesn’t do anything fancy and it mainly relies on DDoS (distributed denial of service) attacks. The latest version spotted has the capability to scan for new target devices and infect them.
According to AT&T’s Alien Labs, the most recent code samples contain several new exploits, including those for:
Enemybot is a genuine threat and proof positive that you don’t have to be original or engage in out of the box thinking to engineer a serious piece of malware. Watch out for this one because the developers behind it are clearly just getting warmed up.