The evolution of sophisticated botnet attacks continues to wreak havoc on IoT devices. However, the latest incident indicates that a botnet army is now targeting devices hosted on multiple cloud provider platforms.

What’s the matter?

  • Researchers at 360Netlab have found a new botnet named Abcbot that is written in the Go language.
  • The botnet, which is still under development, was first observed in July 2021.
  • As time passed, the botnet added a DGA (domain generation algorithm) feature to generate new domain names and IP addresses.
  • Currently, it is capable of self-updating, setting up a web server, launching DDoS attacks, and worm-like propagation.

The nine attack methods

The nine types of DDoS attack methods launched by Abcbot are:
  • TLS attack
  • TCP attack
  • UDP attack
  • ACE attack
  • HULK attack
  • HTTP GET attack
  • GoldenEye attack
  • Slowloris attack
  • BandwidthDrain attack

Other details

  • The botnet achieves worm-like propagation using weak passwords and an N-day vulnerability in WebLogic Server.
  • It scans for weak passwords on SSH, FTP, PostgreSQL, Redis, MSSQL, and Mongo services to breach networks.
  • The botnet currently targets Linux systems.
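Because Abcbot's propagation sprays weak-password logins across several services at once, a useful host-side detection is to correlate authentication failures per source address across those services. The following is an added example (not code from 360Netlab or from this article); the log lines are constructed samples in common sshd, vsftpd, and PostgreSQL formats, and it assumes PostgreSQL's log_line_prefix includes the client address.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the article). Formats follow typical
# sshd, vsftpd and PostgreSQL auth-failure messages; the PostgreSQL line assumes
# log_line_prefix is configured to emit the client host in square brackets.
SAMPLE_LOGS = """\
Nov 12 10:01:02 host sshd[911]: Failed password for root from 203.0.113.7 port 41022 ssh2
Nov 12 10:01:03 host sshd[912]: Failed password for invalid user admin from 203.0.113.7 port 41023 ssh2
Nov 12 10:01:05 host vsftpd[940]: [anonymous] FAIL LOGIN: Client "203.0.113.7"
2021-11-12 10:01:07 UTC [203.0.113.7] FATAL:  password authentication failed for user "postgres"
Nov 12 10:05:00 host sshd[950]: Failed password for alice from 198.51.100.4 port 5000 ssh2
"""

# One regex per service; each captures the source address as the group "src".
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<src>\S+) port"),
    "ftp": re.compile(r'vsftpd\[\d+\]: .*FAIL LOGIN: Client "(?P<src>[^"]+)"'),
    "postgresql": re.compile(r"\[(?P<src>[\d.]+)\] FATAL:\s+password authentication failed"),
}


def failures_by_source(log_text):
    """Map source address -> {service: failed-login count}."""
    stats = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        for service, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                stats[match.group("src")][service] += 1
                break
    return stats


def multi_service_brute_force(log_text, min_services=2, min_failures=3):
    """Sources whose failed logins span several services, the pattern a
    credential-spraying worm leaves behind; returns (src, per-service counts)."""
    hits = []
    for src, per_service in failures_by_source(log_text).items():
        total = sum(per_service.values())
        if len(per_service) >= min_services and total >= min_failures:
            hits.append((src, dict(per_service)))
    return sorted(hits)


if __name__ == "__main__":
    for src, counts in multi_service_brute_force(SAMPLE_LOGS):
        print(f"{src}: {counts}")
```

Thresholds are deliberately low for the sample; on a real host, tune min_failures and add the remaining services (Redis, MSSQL, Mongo) with patterns for their own log formats.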

Conclusion

Abcbot is slowly moving from infancy to maturity, according to researchers. The creators behind the botnet are testing various technologies with the aim of evolving it with sophisticated features. Although the update process has not been continuous since its emergence, researchers believe that there is much more to be seen as the botnet reaches its final stage.


Cyware Publisher