A new botnet family, HTTPBot, threatens Windows systems with sophisticated HTTP-based DDoS attacks aimed at disrupting high-value targets. First seen in August 2024, its activity surged in April 2025. It primarily targets the gaming, technology, and education sectors. Written in Go, HTTPBot has a modular design. It evades security controls by using randomized headers and dynamic URLs, and it precisely targets critical interfaces such as payment gateways.
HTTPBot operates using a multistage attack strategy.
It uses unique “attack IDs” to manage campaigns, as detailed by researchers at NSFOCUS Fuying Lab. Unlike typical botnets, it cripples transactional systems by exploiting application-layer vulnerabilities. HTTPBot switches between the HTTP and HTTPS protocols and adjusts its request rate based on server responses. It can also launch browser-based attacks using headless Chrome. Its operators adopt a “low-traffic, high-impact” approach: over 80 targets were hit in 15 days.
The malware ensures long-term persistence on infected Windows systems by combining stealthy execution with registry manipulation.
Initial compromise is often through phishing or exploits. HTTPBot hides its graphical interface to evade monitoring. To survive reboots, it writes its path to a registry key so that it executes at startup; the malware interacts with the Windows Registry using Go. This persistence is paired with environmental checks: some modules only activate on Windows 8 or newer.
Defending against HTTPBot requires adaptive security measures, because signature-based detection alone is insufficient. NSFOCUS recommends behavioral analysis to identify abnormal sessions. Dynamic cookie injection can help distinguish bots from real clients, and AI-driven rate limiting can counter randomized requests. The botnet’s evolution demands proactive threat hunting, and critical sectors also need infrastructure elasticity. Organizations must prioritize layered defenses that address sophisticated protocol and application-layer deception.
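The behavioral analysis recommended above can be sketched as a per-client session check. This is an added example, not code from NSFOCUS or from the malware: it flags clients that keep hitting one path while changing the User-Agent and query string on every request. The log record layout, the sample records, the path names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (client_ip, method, url, user_agent).
UA_A = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
SAMPLE_LOG = [
    # One client, one payment path, new query string and User-Agent each time.
    ("203.0.113.7", "POST", "/api/pay/checkout?r=8f2a", "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"),
    ("203.0.113.7", "POST", "/api/pay/checkout?r=c91e", "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"),
    ("203.0.113.7", "POST", "/api/pay/checkout?r=41bd", "Mozilla/5.0 (Macintosh) Safari/605.1"),
    ("203.0.113.7", "POST", "/api/pay/checkout?r=77a0", "Mozilla/5.0 (Windows NT 6.3) Edge/18.0"),
    # Ordinary shopper: stable User-Agent, navigates across pages.
    ("198.51.100.20", "GET", "/", UA_A),
    ("198.51.100.20", "GET", "/store?item=12", UA_A),
    ("198.51.100.20", "GET", "/cart", UA_A),
    ("198.51.100.20", "POST", "/api/pay/checkout", UA_A),
    # Client retry loop: same path repeatedly, but nothing is randomized.
] + [("198.51.100.44", "POST", "/api/pay/checkout", UA_A)] * 4


def flag_randomized_sessions(records, min_requests=4, max_user_agents=2,
                             min_url_churn=0.75):
    """Return {ip: evidence} for clients whose requests look randomized.

    Thresholds are illustrative assumptions. min_requests is kept low on
    purpose, since a low-traffic attacker never trips volume-based limits.
    """
    stats = defaultdict(lambda: {"n": 0, "uas": set(),
                                 "paths": defaultdict(set)})
    for ip, _method, url, user_agent in records:
        parts = urlsplit(url)
        entry = stats[ip]
        entry["n"] += 1
        entry["uas"].add(user_agent)
        entry["paths"][parts.path].add(parts.query)

    flagged = {}
    for ip, entry in stats.items():
        if entry["n"] < min_requests:
            continue
        # Path with the most distinct query strings, i.e. the most URL churn.
        path, queries = max(entry["paths"].items(), key=lambda kv: len(kv[1]))
        churn = len(queries) / entry["n"]
        if len(entry["uas"]) > max_user_agents and churn >= min_url_churn:
            flagged[ip] = {"path": path, "user_agents": len(entry["uas"]),
                           "url_churn": churn}
    return flagged
```

A real browser session keeps one User-Agent for its lifetime, so combining header churn with URL churn on a single endpoint separates the randomized client from both the shopper and the retry loop without relying on request volume.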