Researchers at Arbor Networks say they have discovered unique samples of a new family of malware that is targeting large investment firms with holdings in the commodities markets, especially the mining industry.
The malware, dubbed ‘JKDDOS,’ is used to launch distributed denial of service (DDOS) attacks against targets. It infects Windows systems and is spreading mostly in China, according to the post on Tuesday from Arbor’s Jeff Edwards.
The malware is believed to be responsible for attacks against 78 unique victims, mostly in China and the U.S., but also in Hong Kong and Singapore. The victims include gaming sites and online stores – common targets of DDOS attacks, which are used to knock the sites offline and extract protection payments from site operators. But JKDDOS is also targeting large investment firms, especially those involved in the gold mining industry. One New York company was attacked six times in ten days, with the attacks ranging in length from three to 33 hours. The report also details separate attacks on firms investing in wineries and manganese mines. The longest attack the researchers discovered was launched against a Chinese discussion forum and lasted 72 hours.
As of Arbor Networks’ publication this morning, only one URL in its report continues to serve JKDDOS malware.
You can find the full list of installation names, hosting domains, and service names in the original Arbor Networks report, as well as a comprehensive list of victims and CnC messages.