27 May 2020

One of China's largest malware botnets is temporarily disrupted by Chinese tech firms

Chinese tech companies Qihoo 360 and Baidu have teamed up against DoubleGuns, one of China's largest malware botnets. It targets only users in China and is believed to have infected hundreds of thousands of victims to date.

DoubleGuns is Windows malware that has been targeting Chinese users since 2017. While growing in size, the botnet has undergone a few changes in the past three years. The malware is spread mainly via malicious apps shared on Chinese websites, most of them pirated games made available on Chinese social networks and gaming forums.

The main purpose of DoubleGuns is to deliver MBR and VBR bootkits to infected devices, install various malicious drivers, and then steal credentials from local apps such as Steam. The malware can also act as adware and is able to hijack QQ accounts to spread ads to the victim's friends via private messages, according to ZDNet.

In a recent blog post Qihoo said that since May 14 it has been working with the Baidu security team to disrupt the DoubleGuns botnet's operations. The companies' joint efforts resulted in the takedown of some of the botnet's backend infrastructure, most of which relied on Baidu's Tieba image-hosting service.

Qihoo said that for the past three years DoubleGuns has been downloading images from the Tieba service. The malware used a technique known as steganography to conceal malicious code in the images; this hidden code supplied the DoubleGuns bots with instructions on what operations to perform on the infected hosts.
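To show what "instructions hidden in an image" can look like in practice, here is an added example that is not code from the original article and not the encoding DoubleGuns actually used (Qihoo's write-up, as summarised above, does not say how the payload was encoded). It demonstrates the most common textbook variant, least-significant-bit (LSB) embedding, against a cover image constructed inline as an 8-bit grayscale pixel buffer, so no image library or network access is needed. The `MAGIC` marker, the command string and the gradient cover are all assumptions made for the illustration. The last function is a crude defensive check: on a smooth, synthetic cover the LSB plane compresses well, and embedded data makes it compress worse. On real photographs the LSB plane is already noisy, which is why this heuristic alone is weak and why the defenders in the story relied on taking down known-bad images and logging the hosts that fetched them.

```python
"""
Illustrative LSB steganography (added example): hide a command string in the
low bit of each pixel of an 8-bit grayscale buffer and recover it again.
"""
import struct
import zlib

# Hypothetical marker so the extractor can tell a carrier from a clean image.
MAGIC = b"STEG"
HEADER_BITS = (len(MAGIC) + 4) * 8   # magic + 32-bit big-endian payload length


def _to_bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def make_cover(width: int, height: int) -> bytearray:
    """Constructed cover image: a smooth horizontal gradient, one byte per pixel."""
    scale = max(width - 1, 1)
    return bytearray((x * 255 // scale) for _ in range(height) for x in range(width))


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Return a copy of `cover` whose pixel LSBs carry MAGIC + length + payload."""
    frame = MAGIC + struct.pack(">I", len(payload)) + payload
    if len(frame) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(_to_bits(frame)):
        out[i] = (out[i] & 0xFE) | bit      # overwrite only the lowest bit
    return out


def _read_bytes(pixels: bytes, start_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from pixel LSBs starting at pixel `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(pixels: bytes):
    """Return the hidden payload, or None if the buffer carries no valid frame."""
    if len(pixels) < HEADER_BITS:
        return None
    if _read_bytes(pixels, 0, len(MAGIC)) != MAGIC:
        return None
    length = struct.unpack(">I", _read_bytes(pixels, len(MAGIC) * 8, 4))[0]
    if HEADER_BITS + length * 8 > len(pixels):
        return None                          # truncated or bogus length field
    return _read_bytes(pixels, HEADER_BITS, length)


def lsb_plane_compress_ratio(pixels: bytes) -> float:
    """Crude check: pack the LSB plane into bytes and see how well it deflates."""
    packed = bytearray()
    for i in range(0, len(pixels) - 7, 8):
        value = 0
        for p in pixels[i:i + 8]:
            value = (value << 1) | (p & 1)
        packed.append(value)
    return len(zlib.compress(bytes(packed), 9)) / len(packed)


if __name__ == "__main__":
    cover = make_cover(256, 64)
    command = b"download http://example.invalid/payload.bin"   # hypothetical C2 instruction
    stego = embed(cover, command)
    print("recovered:", extract(stego))
    print("clean image carries payload:", extract(cover) is not None)
    print("LSB compress ratio clean/stego: %.3f / %.3f"
          % (lsb_plane_compress_ratio(cover), lsb_plane_compress_ratio(stego)))
```

Every pixel changes by at most one intensity level, so the carrier is visually identical to the cover, which is exactly why an image-hosting service makes a convenient dead drop for bot instructions.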

For the past two weeks Qihoo and Baidu have been working on identifying and taking down the malicious images and logging connections from infected hosts, which gave them insight into the real size of the botnet, currently estimated at "hundreds of thousands" of infected hosts.
