
Alvaro Rodriguez




Unplugging PlugX: Sinkholing the PlugX USB worm botnet

Speaker: Alvaro Rodriguez, Sekoia

Wednesday 22 May 2024, 16:00h - 16:20h (Europe/Madrid), Hacking Village

In March 2023, Sophos published an article entitled "A border-hopping PlugX USB worm takes its act on the road", shedding light on a PlugX variant with worming capabilities. According to the Sophos blog post, all of these PlugX samples communicate with only one IP address. In September 2023, we managed to take ownership of this IP address in order to sinkhole the botnet. Hundreds of thousands of unique IP addresses sent PlugX-distinctive requests to our sinkhole server in the first weeks of sinkholing. Even if the botnet can be considered "dead", anyone with interception capabilities, or anyone who takes ownership of this server, could send arbitrary commands to the infected computers, repurposing the botnet for malicious activities. This presentation aims to explain the roots of this campaign, our sinkholing methodology, the PlugX internals (with some reversing) and the legal issues of disinfection, which led us to think about the concept of sovereign disinfection.

Pedro Mier

Pedro Mier holds a degree in Telecommunications Engineering from the Polytechnic University of Catalonia, an MBA from ESADE and a PADE from IESE. He is currently President of AMETIC (Association of Electronics, Information Technology and Telecommunications Companies of Spain), Shareholder and Chairman of the Board of Directors of TRYO Aerospace & Electronics, Board Member of the Premo Group and of the Committee of CTTC, member of Space Angels Network and Member of the Scientific Advisory
