Exodus DDOS Attack Bot
Its recently come to light that a very well known add-on is ddos’ing a site, the Exodus botnet! OK I will explain very quickly what these terms mean. DDOS is a “distributed denial of service” attack, this is a means to bring down or overwhelm a server with too many requests. This is effected by uploading or infecting many devices with such code to send the requests. The code and the devices are referred to as a botnet. The devices can be phones, pcs and increasingly any “computerised device”, such as Android boxes common to Kodi users.
Malicious Intent?
I think it should be stated immediately, this is neither a virus nor carries malicious code for any users. There is no need to panic or start factory resetting everything in sight. The discovered code intentions are to bring down a copycat add-on, the ethics of which I will go into further after I show you the proof. If you continue to use Exodus you do so in the knowledge that you are part of the attack network.
Exodus Botnet
There are claims almost weekly of malicious intentions, “virus” installs on devices, add-ons stealing data etc, etc. However very rarely does anyone have any actual proof, cold hard lines of code and network analysis to back it up.
I do.
The image above shows the Exodus botnet in action, calling the urls repeatedly. You can see some of them fail, as you might expect, the server has been overwhelmed. I will how you the code thats generating the above calls, 30 to one site and 40 to another in very quick succession.
The “Attack” Code
I have posted the above image to show this in context, so any other people who can read code can verify this isn’t some click-bait gambit on my part. The image below shows the lines very clearly generating the attack.
So we can clearly see this code has been added to specifically target the rmkodi shop urls and the github address for an add-on zip download.
The Ethical Dilema
The Exodus botnet will be no doubt create, much beating of drums and trolls across social media with this news. I want to be very clear, there is no malicious intent towards users, this attack is focused on two specific urls. There are other questions to be asked here. To use this method of protest, or to remove something to which you object, is illegal in the US & UK. In addition Lambda is a member of TV Addons, who as an organisation not long ago, threatened any coders on “their books” with expulsion for adding code that removed a certain “copy n paste add-on”. So what will TVA do with Lambda now? He is a massive contributor to the Kodi community with THE most popular add-on ever, if he is expelled from TVA, what becomes of Exodus?
The Consequences
My personal view is that in adding this code, which is easy to find and copy, Lambda has inadvertently passed a very efficient piece of ddos coding to every wannabe site killer in Kodi land. You know this will be cut-n-pasted by those that always seek to bring drama to the scene. You can expect an upsurge in DDOS activity in future.
Is Lambda justified in taking this action? If it was a simple case of protecting your work, I would say yes. It is ethically wrong to simply take someone else’s many years of work, change the badges and push it out as your own. I day this because Lambda has never taken donations, ever to my knowledge, so what he gives, he gives freely in the truest spirit of open source community. Whenever something is copied, it always leads to a money trail, either direct payments or via donations.
What Should You Do Now?
The choice is yours, if you support Lambda and his protest, carry on as before. I have stated repeatedly there is no malicious threat to any Exodus users, this is a targeted attack on two specific sites. If you object to this Exodus botnet activity in your name, you can simply uninstall Exodus and use one of the many other add-ons. You could of course simply amend your local code and turn off auto updates to preserve your modifications.
Thanks to the dev(s) for bringing this to our attention – I will happily add their names with permission to do so.
Source Ares Project
------------------------------------------------------------------------------------------------------------------------------
Can't say I would condemn him/them for doing it, I would have just hidden it better
Reply With Quote
Social Networking Bookmarks