Suspected MegalodonHTTP DDoS botnet author arrested

Graham Cluley

Security firm Damballa says that when computer crime cops in Norway arrested five men last month in a joint operation with Europol, one of them was the creator of the MegalodonHTTP botnet used to launch distributed denial-of-service (DDoS) attacks against websites.

At the time of the arrest by Norway’s Kripos national criminal investigation service, little was known other than the men had been charged with possessing, using and selling malware including remote access trojans (RATs), and that they were aged between 16 and 24 years old.

Now Damballa says that it worked together with the Norwegian authorities over the space of a “few months” to track and identify the author of MegalodonHTTP.

MegalodonHTTP, perhaps the most clumsily-named botnet in existence, required every Windows PC it tried to hijack into its DDoS botnet to have .NET installed and running – a dependency that almost certainly limited the number of victims it managed to successfully compromise.

Damballa researchers described it as “skid malware” (malware for script kiddies), but the fact that it was advertised for a low price on hacking forums inevitably made MegalodonHTTP attractive to some.


Damballa says that it is not at liberty to release the true identity of MegalodonHTTP’s author, who goes by the online handle of “Bin4ry”, but that he is no longer active or doing business.

If it’s true that another malware author’s activities have been curtailed then that’s good news, and we can only hope that other youngsters will be deterred from entering a life of cybercrime.

More details on MegalodonHTTP can be found in this Damballa blog post published last November.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Suspected MegalodonHTTP DDoS botnet author arrested”

  1. Not at liberty? Well with the handle it might be that others can. But if they really think it is worth it they either have too much time (and they're bored or curious enough – even if to see how easy it is) or they have issues; I can understand the former but the latter not so much (but perhaps it's hard to separate the two).

    I would argue that all DDoS tools are for script kiddies. Especially if it's a GUI like this one apparently is (or maybe that's just the website … but I would guess there is a GUI ?)

    … maybe it's because I remember the pre-DDoS days (just DoS) where you had the actual source code (maybe some new ones do ?) of the exploits (e.g. smurf, jolt, teardrop, winnuke, etc.) available and some you had to understand at least part of it to use (smurf comes to mind as an example). Others you also had to know how to enable it (because some authors were ethical and deliberately put in code that prevented it from being abused by people too inept to understand it); the amusement and bemusement of seeing people whining and insisting that they needed SYN flooder (unsure on the one in Phrack magazine which describes it in detail and trust relationship exploitations) to work for 'laboratory work' when the code disabling it would take 1 second max. to change. But that's a good thing as it prevented a script kiddie from abusing it.

    Of course even then script kiddies used the exploits that they could but many (.. I presume… I know I did) enjoyed not actually using them but the technical aspects of it (both the low level networking stuff, how the exploit works and the source code itself).
