Enlarge (credit: Aurich Lawson / Ars Technica)
Microsoft researchers have discovered a hybrid Windows-Linux botnet that uses a highly efficient technique to take down Minecraft servers and performs distributed denial-of-service attacks on other platforms.
Dubbed MCCrash, the botnet infects Windows machines and devices running various distributions of Linux for use in DDoS attacks. Among the commands the botnet software accepts is one called ATTACK_MCCRASH. This command populates the user name in a Minecraft server login page with ${env:random payload of specific size:-a}. The string exhausts the resources of the server and makes it crash.
A packet capture showing the TCP payload for crashing Minecraft servers. (credit: Microsoft)
“The usage of the env variable triggers the use of Log4j 2 library, which causes abnormal consumption of system resources (not related to Log4Shell vulnerability), demonstrating a specific and highly efficient DDoS method,” Microsoft researchers wrote. “A wide range of Minecraft server versions can be affected.”