Microsoft researchers have discovered Windows-Linux bots knocking Minecraft servers offline in “high efficiency” DDoS attacks.
As ArsTechnica reported, the MCCrash bot sends a command that populates the username entry dialog on the Minecraft server login page, crashing the server by exhausting its resources.
“Using the env variable will use the log4j 2 library, causing abnormal consumption of system resources (unrelated to [the] Log4Shell vulnerability), demonstrating a specific and highly efficient DDoS method,” the Microsoft researchers wrote.
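For server operators, the username-field technique described above suggests a simple detection: flag login attempts whose username contains Log4j 2 lookup syntax or otherwise falls outside the normal name format. The sketch below is an added example, not code from Microsoft or ArsTechnica; the log line format, the sample lines and the threshold are constructed for illustration, and the 3-16 character name rule is the one assumed for Java Edition.

```python
import re
from collections import Counter

# Assumed Java Edition username rule: 3-16 letters, digits or underscores.
VALID_NAME = re.compile(r"[A-Za-z0-9_]{3,16}")
# Log4j 2 lookup syntax such as ${env:NAME}; no legitimate username contains it.
LOOKUP = re.compile(r"\$\{\s*[A-Za-z]+\s*:")
# Hypothetical login-attempt log format (constructed for this example).
LINE = re.compile(r"^(?P<ts>\S+) login ip=(?P<ip>\S+) name=(?P<name>.*)$")

def classify(name):
    """Return 'log4j-lookup', 'invalid-name' or 'ok' for a submitted username."""
    if LOOKUP.search(name):
        return "log4j-lookup"
    if not VALID_NAME.fullmatch(name):
        return "invalid-name"
    return "ok"

def scan(lines, threshold=3):
    """Return (findings, block_candidates) for an iterable of log lines.

    Findings hold the name length rather than the raw name, so the report
    never feeds the lookup string back into a logging pipeline.
    """
    findings, per_ip = [], Counter()
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue  # not a login-attempt line
        verdict = classify(m["name"])
        if verdict != "ok":
            per_ip[m["ip"]] += 1
            findings.append((m["ip"], verdict, len(m["name"])))
    # Sources that repeatedly send malformed names are candidates for blocking.
    block = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return findings, block

# Constructed sample input (documentation IP ranges, made-up timestamps).
SAMPLE = [
    "2022-12-16T10:00:01Z login ip=198.51.100.7 name=Steve_01",
    "2022-12-16T10:00:02Z login ip=203.0.113.9 name=${env:HOME}",
    "2022-12-16T10:00:02Z login ip=203.0.113.9 name=${env:HOME}",
    "2022-12-16T10:00:03Z login ip=203.0.113.9 name=${ENV:USER}",
    "2022-12-16T10:00:04Z login ip=192.0.2.44 name=ab",
]

if __name__ == "__main__":
    findings, block = scan(SAMPLE)
    for ip, verdict, length in findings:
        print(f"{ip}\t{verdict}\tname_len={length}")
    print("block candidates:", block)
```

The same classification belongs in front of the server as well (for example in a proxy or login plugin), so that a rejected name never reaches the logging call at all.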
Massive MCCrash botnet reach
Microsoft has also indicated that MCCrash has the ability to crash servers running a variety of versions of game server software.
This is where it gets a little complicated: MCCrash itself is hard-coded to target only version 1.12.2, but the attack technique is sufficient to take down servers running versions 1.7.2 to 1.18.2, which ArsTechnica estimates to be about half of all Minecraft servers running today.
Patching the server software to version 1.9 makes the botnet's technique ineffective, but even without it, Microsoft is grateful that the impact of the botnet is limited.
“The wide range of vulnerable Minecraft servers highlights the impact this malware would have had if it was specifically coded to affect versions beyond 1.12.2,” Microsoft researchers wrote.
“This threat’s unique ability to use Internet of Things (IoT) devices that are often unmonitored as part of a botnet greatly increases its impact and reduces its chances of detection.”
The most common initial infection points for MCCrash are Windows devices that have installed software intended to activate the operating system with illegitimate licenses, but which mainly contains malware that eventually installs a Python script that provides the botnet’s logic.
Infected Windows devices scan the Internet for devices running Linux distributions such as Debian, Ubuntu, and CentOS, and use default login credentials to run the same .py script on these new machines, which are then used to launch DDoS attacks on Minecraft servers and other hardware.
Microsoft did not disclose how many devices were infected with MCCrash; however, a geographical breakdown from ArsTechnica claims many of them are in Russia, echoing a sentiment in Microsoft’s Digital Defense Report 2022, which claims that the conflict between Russia and Ukraine is partly driven by cybercrime.