
LizardSquad's DDoS Tool Is Powered By Home Routers

Last year a hacker group named "Lizard Squad" took the PlayStation Network and Xbox Live servers completely offline for a day via a DDoS attack. The attack was so powerful that both online gaming services went down during the holidays.

Lizard Squad used a tool called "Lizard Stresser" for the DDoS attack on both Microsoft's and Sony's gaming networks. As we noted earlier, the hackers' DDoS tool, Lizard Stresser, is also available for rent, and an unknown hacker used the same tool to attack 4Chan.

The security blog "KrebsOnSecurity" also suffered a series of large and sustained denial-of-service attacks earlier this year from the same tool. Security researcher Krebs investigated the attack in depth. He found that it was carried out with the Lizard Stresser tool, and that the tool is powered mostly by thousands of hacked home Internet routers.

Krebs noted that the booter service (lizardstresser[dot]su) is hosted at an Internet provider in Bosnia that is home to a large number of malicious and hostile sites. He added that the provider happens to be on the same “bulletproof” hosting network advertised by “sp3c1alist,” the administrator of the cybercrime forum Darkode.

"A few days ago, Darkode and LizardStresser shared the same Internet address. Interestingly, one of the core members of the Lizard Squad is an individual who goes by the nickname “Sp3c.”" Krebs wrote.

On Jan 4, during his research, Krebs found the location of the malware that powers the botnet. One interesting thing he found in the source code of the malware is the location of the LizardStresser botnet controller, which happens to sit in the same small swath of Internet address space occupied by the LizardStresser Web site (217.71.50.x).

The malware exploits vulnerable systems and converts them into stresser bots. It is a variant of a crude piece of malware that was found by the Russian security firm Dr. Web in November.

The malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as “admin/admin” or “root/12345”. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.

The botnet targets not only home routers but also some commercial routers used in universities and companies. The botnet malware spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.
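
The spreading behaviour described above is visible from the network side: an infected device opens telnet connections to many unrelated external addresses. The detection sketch below is an added example, not from the original article or from Krebs's research; the log format, LAN range and threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed internal address range
TELNET_PORTS = {23}
THRESHOLD = 10                       # distinct external telnet targets in the analysed log
# Assumed firewall log format: "<time> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> FLAGS=<flags>"
LINE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=(\S+)")

def build_sample_log():
    """Constructed log lines for illustration, not captured traffic."""
    lines = []
    # A router sweeping telnet across many external addresses (worm-like).
    for i in range(1, 13):
        lines.append(f"12:00:{i:02d} SRC=192.168.1.1 DST=198.51.100.{i} PROTO=TCP DPT=23 FLAGS=SYN")
    # An admin laptop reaching one telnet device repeatedly.
    for i in range(5):
        lines.append(f"12:01:{i:02d} SRC=192.168.1.20 DST=203.0.113.7 PROTO=TCP DPT=23 FLAGS=SYN")
    # Ordinary HTTPS traffic to many hosts.
    for i in range(1, 20):
        lines.append(f"12:02:{i:02d} SRC=192.168.1.30 DST=203.0.113.{i} PROTO=TCP DPT=443 FLAGS=SYN")
    lines.append("12:03:00 malformed entry")
    return lines

def telnet_scanners(lines, threshold=THRESHOLD):
    """Return {internal_src: count of distinct external telnet targets} at or over threshold."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                 # skip lines that do not parse
        src, dst, port, flags = m.groups()
        try:
            src_ip, dst_ip = ip_address(src), ip_address(dst)
        except ValueError:
            continue                 # skip entries with invalid addresses
        if flags != "SYN" or int(port) not in TELNET_PORTS:
            continue                 # only new outbound telnet attempts count
        if src_ip in LAN and dst_ip not in LAN:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= threshold}

if __name__ == "__main__":
    for host, count in telnet_scanners(build_sample_log()).items():
        print(f"{host}: telnet SYNs to {count} distinct external hosts, check for infection")
```

Counting distinct destinations rather than raw connection attempts keeps a single legitimate telnet session from triggering the alert.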

Some sources report that the Lizard Squad group rented Google cloud computing service for the attack using a hacked credit card. Google quickly looked into the activity of the account associated with the hackers and shut down the computing resources that were purchased with stolen cards.

A Google representative did not discuss the specific incidents, noting only: “We’re aware of these reports, and have taken the appropriate actions.”

Nevertheless, the incident was documented in several places, including this Pastebin post listing the Google bots that were used in the failed scheme, as well as a discussion thread on the Tor Project mailing list.
