SecureMac, Inc.

Collaborative Power: Security Teams Work Together to Destroy Botnet

September 25, 2017

Of all the major cyber security threats out there today, few are as frustrating and complicated to contend with as botnets. From the malware that spreads the infection from device to device, enslaving them to a remote command and control server, to the many malicious purposes hackers use them for, they’re a tough threat to combat. Recently, however, the security community got a firsthand look at the value of collaborating to take down threats to users. Six firms set aside the competitiveness of their industry to work together to dismantle a botnet known as “WireX,” which had taken over thousands of Android devices.

Those who controlled WireX used it to execute DDoS attacks on a large number of websites belonging to businesses in the hospitality industry. At first, the attacks were small and insignificant; however, within weeks, many more devices were under the control of the hackers, and the attacks became overwhelming. As researchers began to look more deeply into how WireX was spreading on Android devices, they uncovered that many apps on the Google Play store were to blame.

While these apps performed what they claimed on the surface, they also contained a small malicious module designed for pelting the target websites with junk traffic. Users likely never realized their devices were compromised at all. Once the research teams had discovered the overall attack vector, it was time to go to work. Searching for the threat in concert, they ultimately identified more than 300 separate apps on the Play Store that were serving up the malicious code, conscripting devices into the WireX botnet.

Taking their findings to Google resulted in the rapid destruction of the botnet as Google yanked the apps off the Play store and began remotely deleting them from infected Android devices. Thanks to the collaborative work that went on, WireX collapsed within a month of initially coming online. Many of those involved stated that their work together on combating last year’s Mirai DDoS attacks had laid the groundwork for their efforts against WireX.

While healthy competition is vital for the security industry, efforts such as these also highlight the importance of working together in the interests of all users. By bringing together more expertise and experience, we can continue to fight back against hackers and malware authors everywhere. With WireX down, what will be the next target?
