Akamai researchers found that the botnet's communication with its operators could be cut off by a single command. This happened while they were testing a botnet built on the KmsdBot malware: when investigating the network's capabilities, Akamai specialists sent the bot a command that contained a syntax error, and that one command shut down the entire botnet.
The botnet is based on code written in Go and uses the SSH protocol to infiltrate corporate networks. Once it reaches a user's machine, the malware connects that machine to the botnet and uses its hardware to perform mining and DDoS attacks.
Experts gave two reasons why it was possible to bring down an entire botnet with a single command:
The lack of a mechanism that lets the malicious code gain a foothold in the system
The lack of a mechanism that checks received commands for correctness
The consequence of this mistake was that the botnet was disconnected from its operators, and the entire network would have to be set up and configured again.
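The second reason the experts give, a missing check on command correctness, is easiest to see in code. The Go example below is an added illustration and is not KmsdBot's code, which the article does not show: it is a generic line-oriented command handler with constructed command names ("report", "ping") and constructed inputs. The unchecked handler indexes the received fields without confirming how many arrived, so a command that is one field short triggers an index-out-of-range panic; in a Go process with no recovery, that panic terminates the program and with it the connection to whoever sent the command. The checked variant validates the field count and returns an error instead, so the process survives malformed input.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Added example, not KmsdBot's code: a minimal line-oriented command
// handler of the kind a control channel might use. The verbs and the
// field layout are constructed for illustration only.

// ErrMalformed is returned by the validating handler for bad input.
var ErrMalformed = errors.New("malformed command")

// HandleUnchecked indexes fields without checking how many were
// received. A command missing a field causes an index-out-of-range
// panic; with no recovery, a Go program terminates on that panic.
func HandleUnchecked(line string) string {
	fields := strings.Fields(line)
	switch fields[0] { // panics on an empty line
	case "report":
		return "status: running"
	case "ping":
		// Needs host and port, but never checks that both are present.
		return fmt.Sprintf("ping %s:%s", fields[1], fields[2])
	}
	return "unknown command"
}

// HandleChecked validates the field count before indexing and reports
// an error instead of crashing, so the process keeps running.
func HandleChecked(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) == 0 {
		return "", ErrMalformed
	}
	switch fields[0] {
	case "report":
		return "status: running", nil
	case "ping":
		if len(fields) != 3 {
			return "", fmt.Errorf("%w: ping expects host and port, got %d argument(s)",
				ErrMalformed, len(fields)-1)
		}
		return fmt.Sprintf("ping %s:%s", fields[1], fields[2]), nil
	}
	return "", fmt.Errorf("%w: unknown verb %q", ErrMalformed, fields[0])
}

// Crashes reports whether the unchecked handler would have terminated
// the process on this input. It recovers the panic only so the caller
// can observe it; a real unguarded handler would simply die.
func Crashes(line string) (crashed bool) {
	defer func() {
		if r := recover(); r != nil {
			crashed = true
		}
	}()
	HandleUnchecked(line)
	return false
}

func main() {
	// Constructed inputs: a well-formed command, then the same command
	// with a syntax slip that leaves it one field short.
	for _, line := range []string{"ping 192.0.2.10 8080", "ping 192.0.2.10:8080", ""} {
		fmt.Printf("%-24q unchecked crashes=%-5v", line, Crashes(line))
		if out, err := HandleChecked(line); err != nil {
			fmt.Printf(" checked: rejected (%v)\n", err)
		} else {
			fmt.Printf(" checked: %s\n", out)
		}
	}
}
```

The first finding, the lack of a foothold mechanism, is what turned a crash into a takedown: with nothing in place to restart the process, every bot that died on the malformed command stayed dead, which is why the operators were left with a network that had to be rebuilt rather than one that quietly recovered.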