A Security Vulnerability in the KmsdBot Botnet

Source

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command­—like its controllers did one day while Akamai was watching­—created a panic crash with an “index out of range” error. Because there’s no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot’s functions. It is, as Akamai notes, “a nice story” and “a strong example of the fickle nature of technology.” [...]