KmsdBot Malware and Botnet Quiz

Questions and Answers

What error did the KmsdBot controllers cause when controlling the botnet?

Syntax Error

Stack Overflow Error

Index Out of Range Error (correct)

Null Pointer Error

What is the best defense against KmsdBot?

Firewalls

Antivirus software

Public key authentication (correct)

Improved login credentials

What language is KmsdBot written in?

JavaScript

C++

Python

Golang (correct)

Study Notes

• KmsdBot is a cryptomining botnet that could also be used for denial-of-service (DDOS) attacks.
• Researchers at Akamai Security Research noticed that, when controlling the botnet, its controllers forgot to put a space between an IP address and a port in a command. This caused a panic crash with an "index out of range" error.
• Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions.
• KmsdBot is an intriguing modern malware written in Golang.
• Almost all KmsdBot activity Akamai's firm was tracking has ceased, though the authors may be trying to reinfect systems again. Using public key authentication for secure shell connections, or at a minimum improving login credentials, is the best defense in the first place.

Description

Test your knowledge about KmsdBot, a cryptomining botnet that can also be used for DDOS attacks, written in Golang and known for causing a panic crash due to a command error. Learn about the lack of persistence and the best defense mechanisms against it.