Brain Food botnet spreads malicious PHP scripts, found on 5,000 websites

Proofpoint researcher Andrew Conway analyzed the Brain Food botnet last week. According to Conway, the spam campaign pushed by the botnet was first spotted as early as last March. The botnet may have its origin in a malicious PHP script, which has been secretly redirecting users to web pages selling weight-loss and intelligence-boosting pills. According to statistics, the script is currently present on more than 5,000 websites. When Conway traced these sites, most of them turned out to be on the GoDaddy network, and more than 2,400 of them were active in the past week alone.

Conway said the script is used to keep hacked sites under the control of the cybercriminals and to manage dynamic redirection for their various spam activities. In a recent spam campaign, the PHP script was able to fetch new “redirection targets” from the Brain Food operators and collect click statistics for each event.

Although the botnet only pushes spam and does no practical harm to users, it is dangerous for the infected websites, mainly because the script has backdoor-like functionality that allows the botnet operators to execute any code they want.

Source: BleepingComputer