One of the active servers of the Zunker we mentioned yesterday installs another bot.

 

Although the first Zunker we talked about was configured to only affect computers with German IPs, this one only affects computers with Russian IPs:

 

This Zunker installs another bot, which we detect as Bck/Barracuda.A. This bot allows DDoS attacks to be launched and turns affected computers into proxies.

The following image is displayed when we log in to the control panel:

 

  

In this screenshot, we can see that there are 14,788 bots, 647 of which were connected at that moment.

There are also 3,866 proxies, 171 of which were connected at that moment.

For example, 12,133 bots have been assigned to the attack with ID 661700916; this attack started on the 14th May and would end in three days' time, on the 17th May.

 

In the screenshot below, we can see how the data to launch DDoS attacks is entered:

Selecting this option, we can see the proxies: