Switch from 100,000 computers
It turns out botnets are used not only to steal personal data, but also for minor wrecking in the form of shutting down infected computers. In April of this year, Zeus / Zbot bots were issued a command called “KOS” - “Kill Operating System”, as a result of which about 100,000 Windows users saw a blue screen. But it’s not entirely clear why the botnet owners needed to “kill” the computers under their control.
Swiss expert Roman Hussie runs a Zeustracker site tracking botnet distribution. In April, he noticed an unusual command given to more than 100,000 infected computers.
The most interesting thing is the question of why the botnet owners made this seemingly completely unprofitable step for them. After all, they actually violated the work of their own botnet with their own hands. Security experts are at a loss about this. One version is that the attackers, after a massive theft of financial data, thus decided to gain time in order to use this data to seize the victims' money. That is, roughly speaking, they transferred money from the accounts while the victims rebooted their computers. According to other experts, Zeus’s control servers were hacked by another group of hackers or owners of another botnet, which in this way decided to get rid of competitors.
So the next time you see the blue screen of death, maybe someone is indulging in a botnet switch.
via ArsTechnica