A recently discovered P2P Bitcoin mining botnet has acquired DDoS capabilities, warns Kaspersky Lab expert Tillmann Werner.
Its main reason for existence has so far been Bitcoin mining, as the bot installs three Trojans with that function (Ufasoft, RCP and Phoenix), but it also functions as a way of delivering other malicious software to the infected machines.
Among the delivered files are two DDoS programs. According to H Security, their targets change as the botnet operators deliver different victim lists.
Currently, the first module – which uses HTTP flooding – is attacking 31 German and two Austrian estate agency portals and food industry sites.
The second one, using UDP flooding, is targeting the IP addresses of companies that offer anti-DDoS services.
Among the food industry sites targeted is pizza.de, which confirmed that it had been suffering an attack for three hours, during which it was bombarded with 20,000 – 30,000 HTTP requests per second, coming from some 50,000 IP addresses.
Unfortunately, given the P2P architecture, this botnet will be extremely hard to take down. As things stand, the number of infected machines taking part in it is increasing. And, as its targets are easily updated by its operators, the next ones will likely be determined by the people who will rent its services in the future.