A new botnet built for knocking websites offline has attacked mostly Chinese and some U.S. sites, according to researchers.
About 90 percent of the command-and-control servers running YoyoDdos, the nickname given to the botnet by the Arbor Networks researchers who have been studying and tracking it, have IP addresses in China, and two-thirds of its victim websites are in China as well. The botnet has attacked around 180 websites so far, including 32 in the U.S.
“It is a pretty active botnet,” says Jeff Edwards, a research analyst with Arbor who has been analyzing the botnet, which first appeared in Arbor’s honeypot servers back in March. “We’ve detected a lot of attacks coming out of it … [around] ten unique victims a day.”
The malware itself isn’t particularly sophisticated, however. “It’s pretty typical of a lot of malware we see,” he says. “It’s a fairly non-sophisticated piece of malware, but effective.”