Bushido botnet powered ‘0x-booter’ has launched more than 300 DDoS attacks in two weeks

• The malicious DDoS-for-hire service can launch attacks without direct contact between the user and the bot master.
• 0x-booter is available at prices ranging between $20 and $150.

A new DDoS-for-hire service called ‘0x-booter’ has been spotted in the wild. It is powered by the Bushido IoT botnet and is often disguised as a legitimate ‘booter’ or ‘stresser’ services.

Security experts from Fortinet, discovered the 0x-booter on October 17, 2018. The authors of the service promoted this Crime-as-a-Service on social media platforms, where they advertised ‘0x-booter’ as containing over 500Gbps of bandwidth and 20,000 bots. This service is available to anyone who signs up to the website.

Modus operandi

Once logged in, the website displays a dashboard that shows profile information, including a summary of attack data and botnet details. However, Fortinet experts believe that the service has lower capabilities and fewer bots than advertised.Researchers observed 0x-booter carrying out attacks at a bandwidth of 424.825 Gbps by leveraging 16,993 bots.

“At the time of our analysis, we didn’t get the same data as advertised in the developer’s Facebook post. Our network speed was 424.825 GB/s and only 16,993 bots were connected. However, that is still more than adequate in most cases,” Rommel Joven and Evgeny Ananin, security experts at Fortinet, wrote in a blog.

The malicious service can launch DDoS attacks without direct contact between the user and the botmaster.

“Like any other DDoS-for-hire, initiating a DDoS attack is made through a web user interface, which avoids the need for direct contact between the user and the botmaster. In the attack hub interface, as shown below, the details of the host or domain, port, attack duration, and the type of attack can all be configured before launching an attack,” the researchers explained.

Attack surface

The 0x-booter service providers target layer 4 and layer 7 of the Open Systems Interconnection (OSI) model. Depending on the number of attacks, the duration of an attack, and customer support, the service is available at prices ranging between $20 and $150.

Since the launch of the website on October 14, the attackers have managed to carried out over 300 attacks.

“If the files are to be believed, more than 300 attacks have been launched from this site since its servers first came online on Oct 14th,” the security researchers added. “The Bushido botnet proves that simple modifications made to the Mirai code can sustain a marketable DDoS-for-Hire service structure. With just a few clicks, a few dollars, and a little knowledge about botnets, would-be cybercriminals can get their hands on massive botnets and cause great damage.”