DarkSky botnet spotted evading security measures
Attack Vector: DDoS attack
Summary: A new, recently discovered botnet dubbed DarkSky is advertised for sale on underground marketplaces for less than £15. The advertisement boasts numerous evasion mechanisms, a malware downloader and several network- and application-layer DDoS attack vectors. It also has anti-virtual-machine capabilities to escape security controls such as a sandbox.
Risk assessment summary: The threat is assessed as 3e Moderate and the likelihood has been rated as POSSIBLE because the botnet is still evolving. As a result of an increase in sales and testing of the latest version, researchers have observed spikes in different variations of the malware. If successful, the DarkSky botnet is capable of performing DDoS attacks using several vectors, downloading malicious files from a remote server and turning the infected machine into a SOCKS/HTTP proxy, which routes traffic through the infected machine to a remote server.
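Two of the post-infection behaviours named above, a host acting as a SOCKS/HTTP relay and a host taking part in a volumetric DDoS flood, leave a footprint in ordinary flow telemetry even when the sample itself evades the sandbox. The following detection heuristics are an added example and are not taken from the advisory or from any published DarkSky analysis: the flow-record format, the 10.0.0.0/8 "internal" convention, the thresholds and every sample record are constructed for illustration and carry no real indicators.

```python
"""Flow-based heuristics for two behaviours the advisory attributes to
DarkSky-infected hosts: relaying traffic as a SOCKS/HTTP proxy and
participating in a DDoS flood. Record layout, addresses and thresholds are
constructed assumptions for this example, not DarkSky artefacts."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str
    sport: int
    dst: str
    dport: int
    bytes_out: int


def parse_flow(line: str) -> Flow:
    # Constructed line format: "<ts> <src>:<sport> -> <dst>:<dport> <bytes>"
    ts, src, _, dst, nbytes = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(int(ts), s_ip, int(s_port), d_ip, int(d_port), int(nbytes))


def is_internal(ip: str) -> bool:
    # Assumption: the monitored LAN is 10.0.0.0/8.
    return ip.startswith("10.")


def proxy_candidates(flows, min_fanout=5):
    """An internal host that accepts a connection from outside and then opens
    connections to many distinct external destinations looks like a relay."""
    inbound = defaultdict(set)   # host -> ports on which it accepted traffic
    fanout = defaultdict(set)    # host -> distinct external destinations
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src):
            inbound[f.dst].add(f.dport)
        if is_internal(f.src) and not is_internal(f.dst):
            fanout[f.src].add(f.dst)
    return sorted(h for h in inbound if len(fanout[h]) >= min_fanout)


def flood_candidates(flows, window=10, min_flows=50):
    """An internal host opening many flows to one destination within a short
    window is a candidate DDoS participant (one bucket per src/dst/window)."""
    buckets = defaultdict(int)
    for f in flows:
        if is_internal(f.src):
            buckets[(f.src, f.dst, f.ts // window)] += 1
    return sorted({src for (src, _dst, _w), n in buckets.items() if n >= min_flows})


def analyse(lines):
    flows = [parse_flow(line) for line in lines]
    return {"proxy": proxy_candidates(flows), "flood": flood_candidates(flows)}


# Constructed sample telemetry (TEST-NET ranges, no real indicators).
SAMPLE_LOG = (
    ["1000 203.0.113.5:40000 -> 10.0.0.7:1080 200"]           # inbound to relay
    + [f"{1001 + i} 10.0.0.7:{41000 + i} -> 192.0.2.{i + 1}:443 900"
       for i in range(6)]                                    # relay fan-out
    + ["1500 10.0.0.3:50010 -> 192.0.2.50:443 300",
       "1501 10.0.0.3:50011 -> 192.0.2.51:443 300"]           # benign host
    + [f"{2000 + i % 10} 10.0.0.9:{50000 + i} -> 198.51.100.20:80 60"
       for i in range(60)]                                   # flood burst
)

if __name__ == "__main__":
    for kind, hosts in analyse(SAMPLE_LOG).items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```

The two heuristics are deliberately independent: the flood check keys on flow count per destination per window, the relay check on inbound-then-fan-out, so a flooding bot (many flows, one destination) does not trip the proxy rule and a relay (few flows, many destinations) does not trip the flood rule. Thresholds should be tuned against a site's own baseline before alerting.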