

Ethical Hacking News

New Botnet HTTPBot Targets Gaming and Tech Industries with Surgical Attacks



A new botnet called HTTPBot has been discovered, specifically targeting the gaming and tech industries in China with surgical attacks. The botnet uses advanced DDoS tactics like HTTP Floods and obfuscation to bypass traditional detection methods. This represents a paradigm shift in the way DDoS attacks are conducted, posing a significant threat to industries reliant on real-time interaction.

  • The HTTPBot botnet is a new DDoS botnet specifically designed to target the gaming and tech industries in China.
  • The botnet uses advanced DDoS tactics, including HTTP Floods and obfuscation to bypass traditional detection methods.
  • The botnet employs a range of HTTP-based attack methods, including BrowserAttack, HttpAutoAttack, and WebSocketAttack, to conduct transactional (business) DDoS attacks.
  • The malware hides its GUI to evade detection and ensures persistence by adding itself to the Windows startup registry.
  • The botnet communicates with its server via a streamlined process using an "attack ID" for precise control.
  • The malware evades detection using Base64 encoding, dynamic URLs, and simulated human behavior.
  • The discovery of the HTTPBot botnet highlights the growing threat landscape and the need for increased cooperation between governments, organizations, and individuals to combat cybercrime.



    Cybersecurity experts have recently uncovered a new botnet dubbed HTTPBot, which has been designed to specifically target the gaming and tech industries in China. The discovery of this botnet has significant implications for the security landscape, as it represents a paradigm shift in the way DDoS attacks are conducted.

    The HTTPBot botnet was first detected in August 2024, but its activity surged in April 2025, with researchers warning that it poses a systemic threat to industries reliant on real-time interaction. The botnet uses an "attack ID" for precise control and employs advanced DDoS tactics like HTTP Floods and obfuscation to bypass traditional detection methods.

    According to NSFOCUS cybersecurity researchers, the HTTPBot botnet has taken a different approach by developing a range of HTTP-based attack methods to conduct transactional (business) DDoS attacks. These attacks allow attackers to precisely target high-value business interfaces and launch targeted saturation attacks on critical interfaces, such as game login and payment systems.
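    A defender-side sketch of the point above, added here as an example and not taken from the NSFOCUS report or the original article: because the flood concentrates on a few business interfaces, it counts each client's requests to those interfaces in a sliding window instead of measuring total traffic. The log format, the paths, and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Assumed high-value business interfaces (hypothetical paths, not from the report).
CRITICAL_PATHS = ("/api/login", "/api/pay")
WINDOW_SECONDS = 10    # sliding window length (assumed tuning value)
MAX_CRITICAL_HITS = 5  # critical-path hits allowed per client per window (assumed)

# Constructed sample log, format assumed: "ISO-timestamp client-ip method path status"
SAMPLE_LOG = [
    f"2025-04-10T12:00:0{i} 203.0.113.7 POST /api/login?r={i * 7919} 200"
    for i in range(8)
] + [
    "2025-04-10T12:00:01 198.51.100.20 GET /index.html 200",
    "2025-04-10T12:00:03 198.51.100.20 POST /api/login 200",
    "2025-04-10T12:00:30 198.51.100.20 POST /api/pay 200",
]

def parse_line(line):
    # Strip the query string so per-request URL variation does not split the count.
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path.split("?", 1)[0], int(status)

def flag_interface_saturation(lines, window=WINDOW_SECONDS, limit=MAX_CRITICAL_HITS):
    """Return {client_ip: peak hits} for clients exceeding `limit` critical-path hits per window."""
    recent = defaultdict(deque)  # client ip -> timestamps of recent critical-path hits
    flagged = {}
    for line in lines:
        ts, ip, _method, path, _status = parse_line(line)
        if not path.startswith(CRITICAL_PATHS):
            continue
        q = recent[ip]
        q.append(ts)
        # Drop hits that have aged out of the sliding window.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(flag_interface_saturation(SAMPLE_LOG))
```

    Counting per client IP is only one possible key; where many bots each stay under the limit, the same window logic can be keyed on the endpoint alone.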

    The researchers pointed out that the botnet supports 7 built-in DDoS attack methods, all of which are HTTP types. The attack methods mainly used in its attacks include http_fp, http_auto, and HTTP. The malware hides its GUI to evade detection and ensures persistence by adding itself to the Windows startup registry.

    The bot communicates with its server via a streamlined process using an "attack ID" for precise control. It supports 7 HTTP-based DDoS methods, configurable with parameters like target, duration, and method. Below are the attack methods detailed by the researchers:

    * BrowserAttack: Launches hidden Chrome instances to simulate real user behavior and deplete server resources.
    * HttpAutoAttack: Utilizes cookies to mimic legitimate session behavior with high accuracy.
    * HttpFpDlAttack: Leverages the HTTP/2 protocol to overload server CPUs by triggering large response payloads.
    * WebSocketAttack: Establishes connections using "ws://" and "wss://" protocols to exploit WebSocket communication.
    * PostAttack: Conducts attacks by forcing the use of HTTP POST requests.
    * CookieAttack: Enhances BrowserAttack with advanced cookie handling to further imitate authentic web interactions.

    The malware evades detection using Base64 encoding, dynamic URLs, and simulated human behavior. Some attacks require a Windows version later than 8, showcasing advanced evasion and control techniques. The researchers concluded that DDoS botnet families tend to congregate on Linux and IoT platforms, but the HTTPBot botnet family has specifically targeted the Windows platform.

    The discovery of the HTTPBot botnet highlights the evolving nature of cyber threats and the need for organizations to stay vigilant in protecting their systems against such attacks. It is essential to monitor for signs of suspicious activity and implement robust security measures to prevent DDoS attacks from compromising critical infrastructure.

    In recent months, there have been numerous reports of various malware campaigns targeting different industries, including gaming, tech, education, and finance. These incidents underscore the importance of prioritizing cybersecurity and investing in robust security protocols to safeguard against such threats.

    The emergence of HTTPBot also underscores the growing threat landscape and the need for increased cooperation between governments, organizations, and individuals to combat cybercrime. It is crucial to remain informed about emerging threats and to take proactive steps to mitigate their impact.

    In conclusion, the discovery of the HTTPBot botnet represents a significant development in the world of cybersecurity. Its sophisticated attack methods pose a systemic threat to industries reliant on real-time interaction, and its targeting of specific sectors highlights the evolving nature of cyber threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Botnet-HTTPBot-Targets-Gaming-and-Tech-Industries-with-Surgical-Attacks-ehn.shtml

  • https://securityaffairs.com/177930/malware/new-botnet-httpbot-targets-gaming-and-tech-industries-with-surgical-attacks.html


  • Published: Fri May 16 15:16:33 2025 by llama3.2 3B Q4_K_M












