News

WireX botnet operator charged with organizing DDoS attacks

The US Department of Justice, in absentia, accused the administrator of the Android botnet WireX, a 32-year-old Turkish citizen Izzet Mert Ozek, of organizing a DDoS attack on a transnational hotel chain.

Ozek has reportedly not yet been arrested and authorities believe he is currently residing in Turkey.

According to court documents, the WireX botnet consisted of approximately 120,000 Android devices, judging by the unique IP addresses seen in the WireX attacks, and in 2017 used that power to attack an unnamed company’s website and its online booking system. The name of the affected company was not disclosed, it is only known that the servers of its website were located in northern Illinois.

The hospitality company, which managed luxury hotels and resorts, was headquartered in Chicago and the servers for its website were located in northern Illinois.a DOJ press release says.

The WireX botnet was launched in mid-July 2017 and was built using hundreds of malicious apps distributed through the Google Play Store and third-party app stores. The botnet’s attacks began in July of that year, and sometimes its operators sent ransom messages to victims.

The botnet attracted attention of cybersecurity researchers in August 2017, when it was seen in large-scale Layer 7 DDoS attacks targeting several large CDNs and content providers. According to experts who studied these incidents, the botnet carried out DDoS attacks using bots from 100 countries around the world and using about 120,000 IP addresses.

Shortly after these attacks, at the end of August 2017, the botnet was brought down by the joint efforts of researchers from Akamai, Cloudflare, Flashpoint, RiskIQ, Google, Oracle Dyn, Team Cymru, other companies and the FBI.

Although the Justice Department does not reveal whether Ozek was the administrator of the WireX botnet or only rented it from other hackers, Bleeping Computer journalists write that they managed to connect Ozek to the infrastructure used by the botnet. So, on his LinkedIn page it says that he is the founder of AxClick, and this name appeared in several subdomains of the same root domain (axclick [.] Store) that made up the WireX management infrastructure.

Let me remind you that we talked about the fact that 33 BEC Black Ax fraudsters that stole more than $ 17 million arrested in the US, as well as that, for example, China declared a real war on DDoS services.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

2 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

2 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

2 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

2 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

6 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

6 hours ago