Cybersecurity researchers have identified a new botnet malware named HTTPBot that primarily targets the gaming industry, technology companies, and educational institutions in China. The malware combines HTTP flood attacks that closely simulate legitimate traffic with dynamic obfuscation techniques, and poses a significant threat by evading traditional detection mechanisms. HTTPBot, discovered in August 2024, stands out as a Windows-based botnet that uses the HTTP protocol to launch distributed denial-of-service attacks.
The Windows-based HTTPBot trojan is known for its precise targeting of high-value business interfaces, such as game login and payment systems. This targeted approach represents a shift in DDoS attacks, moving from indiscriminate traffic suppression to high-precision business disruption. The botnet has been responsible for issuing over 200 attack instructions since April 2025, primarily affecting the gaming industry, technology companies, educational institutions, and tourism portals in China.
Upon installation, HTTPBot conceals its graphical user interface to avoid detection and manipulation by users and security tools. It also modifies the Windows Registry to ensure automatic execution during system startup. The malware establishes communication with a command-and-control server to receive instructions for conducting HTTP flood attacks against specific targets using various attack modules.
Unlike typical DDoS botnets that target Linux and IoT platforms, HTTPBot specifically focuses on Windows systems. By mimicking legitimate browser behavior and occupying server resources through randomized URL paths and cookie replenishment mechanisms, HTTPBot bypasses defenses based on protocol integrity checks and poses a significant threat to industries relying on real-time interactions. This sophisticated malware underscores the evolving landscape of cyber threats and the importance of robust cybersecurity measures.
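Because each request is well-formed, detection has to look at behavior per client rather than at protocol validity. The following is an added example, not code from the researchers or from HTTPBot itself: it flags clients that send many requests to a business-critical interface where almost every URL is distinct. The log format, the watched prefixes (`/login`, `/pay`) and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: ip [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def build_sample():
    """Constructed sample log lines (not taken from any real incident)."""
    lines = []
    for i in range(40):
        # Client A: a different random-looking path under /pay on every request.
        lines.append(f'203.0.113.7 [12:00:{i:02d}] "GET /pay/{i * 7919 % 100003:05x} HTTP/1.1" 200')
        # Client B: ordinary user polling the same two payment pages.
        page = "checkout" if i % 2 else "status"
        lines.append(f'198.51.100.9 [12:00:{i:02d}] "GET /pay/{page} HTTP/1.1" 200')
    for i in range(5):
        # Client C: unique paths, but far too few requests to matter.
        lines.append(f'192.0.2.44 [12:01:{i:02d}] "GET /login/step{i} HTTP/1.1" 200')
    lines.append("garbage line that does not parse")
    return lines


def flag_randomized_clients(lines, watched=("/login", "/pay"),
                            min_requests=30, min_unique_ratio=0.9):
    """Return {(ip, prefix): (request_count, unique_ratio)} for suspicious clients."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, target = m.group(1), m.group(3)
        path = target.split("?", 1)[0]
        prefix = next((w for w in watched
                       if path == w or path.startswith(w + "/")), None)
        if prefix:
            seen[(ip, prefix)].append(target)

    flagged = {}
    for key, targets in seen.items():
        ratio = len(set(targets)) / len(targets)
        # High volume AND nearly every URL distinct: consistent with path randomization.
        if len(targets) >= min_requests and ratio >= min_unique_ratio:
            flagged[key] = (len(targets), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for (ip, prefix), (count, ratio) in flag_randomized_clients(build_sample()).items():
        print(f"{ip} -> {prefix}: {count} requests, unique ratio {ratio}")
```

In production the same counting would run over a sliding time window and be tuned against each interface's normal traffic, since legitimate paths that embed per-user identifiers also produce high uniqueness.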
