Organizations in the gaming, tech, and education sectors across China have been subjected to escalating intrusions involving the novel Windows-based HTTPBot botnet malware over the last few months, with at least 200 attacks observed since April, The Hacker News reports.
HTTPBot hides its graphical user interface to stay stealthy and modifies the Windows registry so that it runs automatically, then waits for commands. According to an analysis from NSFOCUS, its attack modules use hidden Google Chrome instances to generate spoofed traffic, simulate legitimate sessions, drive up the target server's CPU load, open WebSocket connections, flood targets with HTTP POST requests, and include a cookie-processing flow. "By deeply simulating protocol layers and mimicking legitimate browser behavior, HTTPBot bypasses defenses that rely on protocol integrity. It also continuously occupies server session resources through randomized URL paths and cookie replenishment mechanisms, rather than relying on sheer traffic volume," said NSFOCUS.
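The session-exhaustion pattern NSFOCUS describes (many distinct, randomized URL paths paired with a fresh cookie on nearly every request) is visible in ordinary web-server access logs. The detector below is an added illustration, not code from the report or from NSFOCUS; it assumes a combined-style log format with the client's Cookie header appended as the final quoted field, and the log lines it runs on are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the page): one ordinary visitor (10.0.0.5)
# and one client cycling random paths and fresh cookies on every request (10.0.0.9).
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sid=abc123"
10.0.0.5 - - [01/May/2025:10:00:02 +0000] "GET /about HTTP/1.1" 200 312 "-" "Mozilla/5.0" "sid=abc123"
10.0.0.5 - - [01/May/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sid=abc123"
10.0.0.9 - - [01/May/2025:10:00:01 +0000] "POST /x9f3kq HTTP/1.1" 404 0 "-" "Mozilla/5.0" "sid=k19d"
10.0.0.9 - - [01/May/2025:10:00:01 +0000] "POST /q27zmw HTTP/1.1" 404 0 "-" "Mozilla/5.0" "sid=p0w2"
10.0.0.9 - - [01/May/2025:10:00:02 +0000] "POST /a8v1tr HTTP/1.1" 404 0 "-" "Mozilla/5.0" "sid=m4rt"
10.0.0.9 - - [01/May/2025:10:00:02 +0000] "POST /zz0plk HTTP/1.1" 404 0 "-" "Mozilla/5.0" "sid=ce71"
"""

# Assumed format: combined log plus a trailing quoted Cookie field (hypothetical layout).
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "[^"]*" "[^"]*" "([^"]*)"$'
)

def parse_line(line):
    """Return the fields a detector needs from one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, path, status, cookie = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status), "cookie": cookie}

def profile_clients(log_text):
    """Aggregate per-client request count, distinct paths, distinct cookies and 4xx/5xx count."""
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "cookies": set(), "errors": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        s["cookies"].add(rec["cookie"])
        if rec["status"] >= 400:
            s["errors"] += 1
    return stats

def flag_session_churn(log_text, min_requests=4, path_ratio=0.9, cookie_ratio=0.9):
    """Flag clients whose paths and cookies are almost never reused: a session-resource
    exhaustion signature rather than a raw-volume one. Thresholds are tuning assumptions."""
    flagged = {}
    for ip, s in profile_clients(log_text).items():
        n = s["requests"]
        if n < min_requests:
            continue  # too few requests to judge; avoids flagging one-off visitors
        pr, cr = len(s["paths"]) / n, len(s["cookies"]) / n
        if pr >= path_ratio and cr >= cookie_ratio:
            flagged[ip] = {"requests": n, "path_ratio": pr, "cookie_ratio": cr, "error_ratio": s["errors"] / n}
    return flagged
```

Run it over a rolling window of real access logs and feed the flagged sources into rate limiting or a WAF rule; legitimate crawlers can also show a high distinct-path ratio, so the cookie-churn condition is what separates session replenishment from plain crawling.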