On June 7, 2017, an Irish hacker group known as ‘Cherrypix’ released a torrent of code to a botnet known as the DDoS-for-hire group.
The torrent included code for the popular ‘Pwn2Own’ security software, an open source toolkit for developing and testing botnet attacks, and other popular tools.
According to security researcher James Lewis, the botnet had been collecting ‘a fair amount of information about its victims’ online activities’.
‘It’s really easy to see how easy it is for someone to get their hands on this, it’s just a matter of time before someone does,’ he told The Irish Sun.
In response, Cherrypix announced it was taking down its web-based attack tool, Pwn2own.
‘We’ve had to take down the Pwning Toolkit in light of the recent DDoS attacks.
It’s a good thing we did,’ a spokesperson told The Sun.
‘This is part of the overall process of remediation we’re working on to mitigate further botnet activity.
We have taken this step to avoid further disruption to users and businesses in our network and across our services.’
‘A good thing to take away from this is the importance of a robust, safe internet.
As an open-source community, we expect everyone to work together to improve the security of our tools and make them better.
‘As we move forward, we will continue to provide updates on the status of our efforts.’
What to do next?
‘If you’re not running a bot, take it down and let the D-dos go’
In June 2018, the DDD-TECH team announced a new security update for the Pawn Shop and Pawn-O.
It was the first time in six years the company had changed the security update frequency for these two services.
‘What’s more, this update also includes a new patch that improves the DaaS’ resilience to DDoS attack and other attacks,’ a team spokesperson told security researchers.
‘The update is already deployed in the PWN2Own software and is expected to be deployed by the end of the month.
‘At this time, we encourage customers to take a hard look at their PawnShop and PwnO accounts, and report any suspicious activity to the company.’
It remains to be seen whether Cherrypwnix’s latest attack will continue or be taken down.
What else to do?
In the same month CherrypIX shut down its PwnPwn service, its competitors launched a new, more popular web hacking toolkit, called ‘Cloak’.
The Cloak toolkit was launched on May 15, 2018.
‘Cloak is a new toolkit based on the popular open source security toolkit Pwnie’, said a team member at the time.
‘Users can now configure it to protect their systems against DDoS and other botnets by using its ‘zero day’ vulnerability disclosure feature to bypass existing security solutions.’
The Cloak team was quick to note that its toolkit is ‘not a replacement for Pwn 2own’.
‘We encourage customers using the CloAK product to take advantage of Pwn Pwn or Pwn O to ensure their systems are fully protected against botnet and other DDoS threats,’ the team said in a statement.
‘If there are any problems with your system after installing the Cloak, you should contact us for assistance.’
‘Pawn Shop’ is the only major security toolset for ‘PWN2own’ to still be in use by customers.
‘Coke’ and ‘Pledge’ are the other two products that still support the toolkit.
If you have questions about botnet-based security, contact security expert Dr David Jones.
You can follow The Irish Guardian on Twitter at @Irish_Guardian or email reporter Andrew McManus.