{"id":9260,"date":"2019-08-28T02:34:38","date_gmt":"2019-08-28T02:34:38","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9260"},"modified":"2026-04-17T18:07:52","modified_gmt":"2026-04-17T18:07:52","slug":"botnet-trend-report-11","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/botnet-trend-report-11\/","title":{"rendered":"Botnet Trend Report-11"},"content":{"rendered":"


\n<\/p>\n

4.2.2 Analysis <\/strong><\/h2>\n

During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of which were in two Central American countries. The following map shows the distribution of BillGates targets in China that NSFOCUS was able to directly monitor.<\/p>\n

\"Red<\/a><\/p>\n

BillGates ignored common ports, such as 22, 23, 80, 8080, and 443, and instead attacked uncommon ports as its targets. These uncommon ports are not usually bound to known protocols but are used to provide agent and gaming services. This leads us to believe that BillGates is focused on agent tools, online gaming servers, and proprietary gaming servers.<\/p>\n

The following figure shows ports attacked by the family.<\/p>\n

\"Red<\/a><\/p>\n

The following figure shows that BillGates received attack instructions almost around the clock. In our opinion, the even time distribution suggests that this botnet family is highly automated and likely being used as some form of botnet-as-a-service. Thus, the BillGates family may be deployed in a very efficient environment operated by a well-organized group.<\/p>\n

Interestingly, BillGates became inert after members of another active hacking group, Shadow (Anying in Mandarin) DDoS group, were arrested. It is not known whether the two groups were directly linked or BillGates’ controllers decided to shut down operations after the high-profile arrest. However, the rise and fall of BillGates is a good view into the lifecycle of botnet development and provides good examples of attack event traceback and behavior analysis.<\/p>\n

\"Red<\/a><\/p>\n

To be continued.<\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"

4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of which were in two Central American countries. The following map shows the distribution of BillGates targets in China that NSFOCUS was able to directly monitor. BillGates ignored common ports, such as 22, […]<\/p>\n","protected":false},"author":1,"featured_media":8884,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[5,15],"tags":[119],"class_list":["post-9260","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ddos-mitigation","category-research-reports","tag-botnet-trend-report"],"acf":[],"yoast_head":"\nBotnet Trend Report-11 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Botnet Trend Report-11 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-28T02:34:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Botnet Trend Report-11 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuto\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Botnet Trend Report-11\",\"datePublished\":\"2019-08-28T02:34:38+00:00\",\"dateModified\":\"2026-04-17T18:07:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/\"},\"wordCount\":239,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/botnet.jpg\",\"keywords\":[\"Botnet Trend Report\"],\"articleSection\":[\"DDoS Mitigation\",\"Research & Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/\",\"name\":\"Botnet Trend Report-11 - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/botnet.jpg\",\"datePublished\":\"2019-08-28T02:34:38+00:00\",\"dateModified\":\"2026-04-17T18:07:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/botnet.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/botnet.jpg\",\"width\":816,\"height\":555,\"caption\":\"Botnet Trend Report cover with green design.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/botnet-trend-report-11\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Botnet Trend Report-11\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Botnet Trend Report-11 - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Botnet Trend Report-11 - NSFOCUS","og_description":"4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of","og_url":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/","og_site_name":"NSFOCUS","article_published_time":"2019-08-28T02:34:38+00:00","article_modified_time":"2026-04-17T18:07:52+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Botnet Trend Report-11 - NSFOCUS","twitter_description":"4.2.2 Analysis  During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"1 minuto"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Botnet Trend Report-11","datePublished":"2019-08-28T02:34:38+00:00","dateModified":"2026-04-17T18:07:52+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/"},"wordCount":239,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","keywords":["Botnet Trend Report"],"articleSection":["DDoS Mitigation","Research & Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/","url":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/","name":"Botnet Trend Report-11 - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","datePublished":"2019-08-28T02:34:38+00:00","dateModified":"2026-04-17T18:07:52+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/06\/botnet.jpg","width":816,"height":555,"caption":"Botnet Trend Report cover with green design."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/botnet-trend-report-11\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Botnet Trend Report-11"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=9260"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9260\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/8884"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=9260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=9260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=9260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}