Microsoft researchers have discovered a Windows and Linux botnet that disables Minecraft servers in “highly efficient” DDoS attacks.
As reported by Ars Technica, the MCCrash botnet sends a command that populates the username input dialog box on a Minecraft server’s login page, which crashes the server by draining its resources.
“Using the env variable triggers the use of log4j 2 library causing abnormal consumption of system resources (unrelated to [the] Log4Shell vulnerability) that demonstrate a specific and highly efficient DDoS method,” Microsoft researchers wrote.
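A defender can look for this behaviour in login records, since a legitimate player name never contains Log4j 2 lookup syntax. The following is an added example, not code from Microsoft or the original article; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed log format (constructed for this example, not Minecraft's own):
#   <time> login src=<ip> name=<username>
LINE_RE = re.compile(r"^(?P<time>\S+) login src=(?P<src>\S+) name=(?P<name>.*)$")

# Current Minecraft account names are 3-16 characters from [A-Za-z0-9_].
VALID_NAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")


def classify(name):
    """Return 'lookup', 'invalid' or 'ok' for a submitted username."""
    # "${" opens a Log4j 2 lookup such as ${env:...}; also catches nested forms.
    if "${" in name:
        return "lookup"
    if not VALID_NAME_RE.fullmatch(name):
        return "invalid"
    return "ok"


def scan(lines, threshold=2):
    """Count lookup-style usernames per source; return sources at or over threshold."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a login record
        if classify(m.group("name")) == "lookup":
            hits[m.group("src")] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


# Constructed sample records (documentation IP ranges, placeholder lookup body).
SAMPLE_LOG = [
    "12:00:01 login src=198.51.100.7 name=Steve_01",
    "12:00:02 login src=203.0.113.9 name=${env:CONSTRUCTED:-x}",
    "12:00:02 login src=203.0.113.9 name=${env:CONSTRUCTED:-x}",
    "12:00:03 login src=203.0.113.9 name=${env:CONSTRUCTED:-x}",
    "12:00:04 login src=192.0.2.44 name=bad name!",
    "12:00:05 server tick took 80ms",
]

if __name__ == "__main__":
    for src, count in scan(SAMPLE_LOG).items():
        print(f"block candidate {src}: {count} lookup-style usernames")
```

Sources returned by `scan` are candidates for rate limiting or blocking at the firewall; rejecting any name that `classify` does not mark `ok` before it reaches the logger addresses the trigger itself.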
The enormous reach of the MCCrash botnet
Microsoft also found that MCCrash can crash servers running a variety of versions of the game’s server software.
This is where things get a bit complicated: MCCrash itself is only hardcoded for version 1.12.2, but the attack technique is enough to bring down servers running versions 1.7.2 to 1.18.2, which Ars Technica estimates make up about half of all Minecraft servers running today.
A patch in the version 1.9 server software renders the botnet’s technique ineffective, but even without this, Microsoft is grateful that the botnet’s impact is limited.
“The wide range of compromised Minecraft servers underscores the impact malware could have if it was specifically coded to affect versions after 1.12.2,” Microsoft researchers wrote.
“This threat’s unique ability to leverage Internet of Things (IoT) devices, which are often not monitored as part of the botnet, greatly increases its impact and reduces its chances of detection.”
The most common initial infection points for MCCrash are Windows machines with software installed that pretends to activate the operating system with illegal licenses but mainly contains the malware, which delays installing a Python script that provides the botnet’s logic.
Infected Windows devices then search the Internet for devices running Linux distributions such as Debian, Ubuntu and CentOS, and use default credentials to run the same .py script on these new devices, which are then used to launch DDoS attacks on Minecraft servers and other devices.
Microsoft has not disclosed the number of devices infected by MCCrash, but Ars Technica claims that a geographic breakdown shows many are in Russia, reflecting the sentiments of the Microsoft Digital Defense Report for 2022, which claims that the conflict between Russia and Ukraine is fueled in part by cybercrime.
https://www.techradar.com/news/microsoft-uncovers-ddos-campaign-targeting-minecraft-servers Microsoft uncovers DDoS campaign targeting Minecraft servers