BotenaGo creates a backdoor on a compromised device and then waits for instructions, either from a remote operator or from a malicious module on the device, to launch an attack.
As part of a routine BotenaGo attack, the malware starts by mapping out the attack functions available to it, then sends a GET request to the target, searches the returned data, and then attempts to exploit the targeted vulnerability.
On a compromised device, the malware opens two backdoor ports, 31412 and 19412, and starts listening on port 19412 to receive the victim's IP. Next, it runs the exploit functions it has mapped against the given IP. Researchers at AT&T Alien Labs have identified a total of 33 exploit functions initiated by BotenaGo.
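A defender can check a Linux device for listeners on the two ports named above. The following is an added example, not code from the article or from AT&T Alien Labs: it parses a socket table in `/proc/net/tcp` layout and reports sockets in the LISTEN state on 31412 or 19412. The sample table is constructed, the function names are hypothetical, and little-endian address encoding is assumed (pass `byteorder="big"` for big-endian devices).

```python
import ipaddress

BOTENAGO_PORTS = {31412, 19412}  # backdoor ports named in the article
TCP_LISTEN = 0x0A                # kernel state code for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:7AB4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2002 1
   2: 00000000:4BD4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2003 1
   3: 0100007F:4BD4 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 2004 1
"""

def decode_addr(hex_addr, byteorder="little"):
    """Decode a kernel hex address; each 32-bit word is stored in host byte order."""
    raw = bytes.fromhex(hex_addr)
    if byteorder == "little":  # assumption: x86 / little-endian ARM or MIPS
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return str(ipaddress.ip_address(raw))

def find_suspect_listeners(table_text, ports=BOTENAGO_PORTS, byteorder="little"):
    """Return LISTEN sockets whose local port is one of the given ports."""
    hits = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue  # skip blank or truncated rows
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if int(fields[3], 16) == TCP_LISTEN and port in ports:
            hits.append({"addr": decode_addr(addr_hex, byteorder),
                         "port": port, "inode": int(fields[9])})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listener on {hit['addr']}:{hit['port']} (socket inode {hit['inode']})")
```

On a live device, pass the contents of `/proc/net/tcp` (and `/proc/net/tcp6`) instead of the sample; the socket inode can then be matched against `/proc/<pid>/fd` to find the owning process.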
Read More: Securityweek