Massive Leet Botnet Launches a 650 Gbps Attack

Security experts from Imperva have uncovered a dangerous new threat, the Leet Botnet, which reached a bandwidth of 650 Gbps, making its attack one of the largest DDoS attacks to date.

The Leet Botnet Is a Destructive Force

Experts from Imperva uncovered a new massive botnet known as the Leet Botnet which, according to the statistics, is one of the largest DDoS tools, having amassed a bandwidth throughput of 650 Gbps. The identified attack was initiated on December 21 and was targeted against individual IP addresses located on the Imperva Incapsula network.

The attack used IP spoofing, which makes it difficult to accurately identify the compromised machines. However, the researchers were able to discover some clues in the payloads' contents. A manual analysis shows that some of the individual payloads pointed to Linux devices. The attack was carried out in two waves:

  1. The first wave lasted for about 20 minutes and peaked at 400 Gbps. When the attack failed to take down the host, it was shut down and the botnet regrouped to launch the second wave.
  2. The second wave was a DDoS flood that reached a maximum bandwidth of 650 Gbps and more than 150 million packets per second. It lasted for 17 minutes and also failed to take down the protected hosts.

As the botnet uses spoofed addresses, it is impossible to geolocate the attacking devices. The Imperva researchers, however, took an in-depth look at the signatures of the packets and uncovered some interesting insights.

  • The TCP Options header of the packets holds values that are arranged in a way to spell out “1337”, which is attributed to the hacker slang leet.
  • Two separate payloads were used: regular SYN packets with sizes from 44 to 60 bytes and very large SYN packets with sizes from 799 to 936 bytes.
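The two SYN size classes above can be used as a triage filter on captured traffic. The following is an added example, not code from Imperva or from the original article: it parses raw IPv4/TCP packets, keeps only pure SYNs, and buckets them by the article's size ranges. It assumes the reported sizes are IPv4 total lengths, uses constructed packets rather than captured traffic, and returns the TCP option bytes for inspection only, since the article does not give the byte layout of the "1337" signature.

```python
import struct
from collections import Counter

# Size ranges reported in the article, in bytes.
# Assumption: they refer to the IPv4 total length of each packet.
REGULAR_SYN = range(44, 61)
LARGE_SYN = range(799, 937)

def parse_syn(pkt: bytes):
    """Return (total_len, payload_len, tcp_options) for a pure SYN, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 carrying TCP only
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    if ihl < 20 or len(pkt) < ihl + 20 or total_len > len(pkt):
        return None
    data_off = (pkt[ihl + 12] >> 4) * 4
    flags = pkt[ihl + 13]
    # SYN set and ACK clear; reject truncated or inconsistent headers.
    if flags & 0x12 != 0x02 or data_off < 20 or ihl + data_off > total_len:
        return None
    return total_len, total_len - ihl - data_off, pkt[ihl + 20:ihl + data_off]

def classify(pkt: bytes) -> str:
    parsed = parse_syn(pkt)
    if parsed is None:
        return "not-syn"
    total_len, payload_len, _options = parsed
    # A SYN normally carries no data, so a payload-bearing SYN is itself unusual.
    if total_len in LARGE_SYN and payload_len > 0:
        return "large-syn"
    if total_len in REGULAR_SYN:
        return "regular-syn"
    return "other-syn"

def build(payload_len: int, flags: int = 0x02) -> bytes:
    """Constructed test packet (IPv4 + TCP with one MSS option), not captured traffic."""
    opts = b"\x02\x04\x05\xb4"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, flags, 1024, 0, 0) + opts
    total = 20 + len(tcp) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([203, 0, 113, 9]))
    return ip + tcp + b"\x00" * payload_len

def summarize(packets) -> Counter:
    return Counter(classify(p) for p in packets)

# Constructed sample: 3 regular SYNs, 2 large SYNs, 1 SYN-ACK, 1 SYN outside both ranges.
SAMPLE = [build(0)] * 3 + [build(800)] * 2 + [build(0, flags=0x12), build(100)]
```

A sustained count of `large-syn` packets is the more distinctive signal of the two, because legitimate clients rarely send data in a SYN.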

According to the security experts, the Leet botnet can rival Mirai in capacity, and because its operators are very likely recruiting new peers, even larger DDoS attacks are very likely to follow.

The bad news is that there is no way to counter botnet attacks beyond safeguarding the network with the best possible security policies and network devices. The larger risk of botnet recruitment lies in the virtually unsecured IoT devices that are sold to both consumers and businesses.

We would like to remind our readers that there is another important issue. The majority of the malware families can include botnet recruitment capabilities that can make infected computers part of the Leet Botnet or Mirai. To remove existing infections and protect your computers you can use a trusted anti-spyware tool.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

