# Palo Alto Networks

## botnet

## [Playbook of the Week: Swallow Traffic to Malicious Domains with DNS Sinkholes](https://www.paloaltonetworks.com.au/blog/security-operations/303502/)

[Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

Automatically redirect traffic away from malicious domains using DNS sinkholes

Aug 31, 2023 By [Ido Van Dijk](https://www.paloaltonetworks.com/blog/author/ido-van-dijk/?ts=markdown "Posts by Ido Van Dijk")

## [Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux an...](https://www.paloaltonetworks.com.au/blog/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/)

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers

Sep 17, 2018 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Xingyu Jin](https://www.paloaltonetworks.com/blog/author/xingyu-jin/?ts=markdown "Posts by Xingyu Jin")

## [Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, Soni...](https://www.paloaltonetworks.com.au/blog/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/)

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.

Sep 09, 2018 By [Ruchna Nigam](https://www.paloaltonetworks.com/blog/author/ruchna-nigam/?ts=markdown "Posts by Ruchna Nigam")

## [Unit 42 Finds New Mirai and Gafgyt IoT/Linux Botnet Campaigns](https://www.paloaltonetworks.com.au/blog/2018/07/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns/)

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploit...

Jul 20, 2018 By [Ruchna Nigam](https://www.paloaltonetworks.com/blog/author/ruchna-nigam/?ts=markdown "Posts by Ruchna Nigam")

## [IoT Malware Evolves to Harvest Bots by Exploiting a Zero-day Home Router Vu...](https://www.paloaltonetworks.com.au/blog/2018/01/unit42-iot-malware-evolves-harvest-bots-exploiting-zero-day-home-router-vulnerability/)

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Unit 42 researchers outline the evolution of Satori, a malware family targeting zero-day vulnerabilities in IoT devices

Jan 11, 2018 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanhui-jia/?ts=markdown "Posts by Yanhui Jia")

## [New IoT/Linux Malware Targets DVRs, Forms Botnet](https://www.paloaltonetworks.com.au/blog/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/)

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia".

Apr 06, 2017 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanui-jia/?ts=markdown "Posts by Yanhui Jia")

## [Andromeda Botnet Targets Italy in Recent Spam Campaigns](https://www.paloaltonetworks.com.au/blog/2016/07/unit42-andromeda-botnet-targets-italy-in-recent-spam-campaigns/)

[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Over the past month, Palo Alto Networks has observed two spam campaigns targeting users residing in Italy. The spam emails attempt to install the pervasive Andromeda malware onto victim machines. This malware h...

Jul 18, 2016 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene")

## [Locky: New Ransomware Mimics Dridex-Style Distribution](https://www.paloaltonetworks.com.au/blog/2016/02/locky-new-ransomware-mimics-dridex-style-distribution/)

[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Ransomware persists as one of the top crimeware threats thus far into 2016. While the use of document-based macros for ransomware distribution remains relatively uncommon, a new family calling itself "Locky" ha...

Feb 16, 2016 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates") and [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs")

## [Filmkan: Mysterious Turkish Botnet Grows Through Facebook](https://www.paloaltonetworks.com.au/blog/2015/02/filmkan-mysterious-turkish-botnet-grows-facebook/)

[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisory-analysis/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

On January 31, a security researcher named Mohammad Faghani posted an analysis of malware that was being distributed through Facebook posts. Based on the number of "likes" the malw...

Feb 05, 2015 By [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")

## [Kuluoz Trends -- October 2014](https://www.paloaltonetworks.com.au/blog/2014/11/kuluoz-trends-october-2014/)

[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

The Asprox/Kuluoz malware family has a special place in our hearts at Palo Alto Networks. This botnet-related Trojan malware has evolved from its 2007 roots into a simple and yet robust mass e-mail phishing threat that is the origin of a significant percentage of Intern...

Nov 07, 2014 By [Rob Downs](https://www.paloaltonetworks.com/blog/author/rob-downs/?ts=markdown "Posts by Rob Downs") and [Victor Ocho](https://www.paloaltonetworks.com/blog/author/victor-ocho/?ts=markdown "Posts by Victor Ocho")

## [IRC on Non-Standard Ports](https://www.paloaltonetworks.com.au/blog/2011/08/irc-on-non-standard-ports/)

[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

Johannes B. Ullrich from SANS wrote about a user that made an interesting find in their network (you can read Johannes note here). In short, the user wrote an IDS signature to look for the NICK and USER commands that signify the start of an IRC session, and lo and behol...

Aug 04, 2011 By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")

## [How Palo Alto Network's Next-Generation Firewalls Protect Against Torpig At...](https://www.paloaltonetworks.com.au/blog/2010/08/how-palo-alto-network%e2%80%99s-next-generation-firewalls-protect-against-torpig-attack/)

[Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisoryanalysis/?ts=markdown)

In this blog, I talk about how our next-generation firewalls protect against botnets such as Torpig. There are 3 parts to a botnet attack:

Aug 19, 2010 By [Anna Lough](https://www.paloaltonetworks.com/blog/author/anna-lough/?ts=markdown "Posts by Anna Lough")