Cybersecurity researchers have identified a new Windows-based botnet called HTTPBot, which has been used to carry out targeted DDoS attacks against the gaming industry, technology companies, educational institutions, and tourism platforms in China. First observed in August 2024, HTTPBot uses HTTP protocols and advanced evasion techniques to bypass traditional detection systems.
Unlike typical botnets that rely on high traffic volumes, HTTPBot focuses on disrupting real-time services such as game login and payment systems. It has issued more than 200 attack instructions since April 2025, indicating a shift from random traffic attacks to precise strikes aimed at critical business functions.
Written in the Go programming language, HTTPBot is unusual for targeting Windows systems. Once installed, it hides its user interface and alters the Windows Registry to ensure it runs automatically at startup, helping it avoid detection by users and security software.
The malware connects to a command-and-control server and supports various attack modules. These include methods that simulate browser behavior, use cookies to mimic real user sessions, exploit HTTP/2 to increase server load, and establish WebSocket connections. Each method is designed to appear legitimate while gradually draining server resources.
By closely imitating normal web traffic and refreshing session details like URLs and cookies, HTTPBot can evade most traffic-based defenses. Its advanced capabilities and focus on key online services make it a serious threat to sectors that depend on constant digital availability.
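Since volume thresholds miss this kind of traffic, a defender can instead look at per-client behavior: requests concentrated on login and payment endpoints while the session cookie and URL change on nearly every request. The following is an added example, not code from the researchers or the original article; the record format, the `/login` and `/pay` paths, the thresholds, and the sample records are all constructed assumptions.

```python
from collections import defaultdict

# Assumed paths for the real-time services the article names (login, payment).
CRITICAL_PREFIXES = ("/login", "/pay")

# Constructed sample records: (client_ip, url, session_cookie).
SAMPLE_LOG = (
    # Low-rate client hitting only /login, new cookie and URL each time.
    [("203.0.113.10", f"/login?r={i}", f"sid-{i:04x}") for i in range(6)]
    # Ordinary user: one stable session, mixed pages.
    + [("198.51.100.7", p, "sid-user1")
       for p in ("/", "/login", "/news", "/shop", "/pay/checkout", "/news")]
    # Too few requests to judge at the default threshold.
    + [("192.0.2.5", "/login", "sid-a"), ("192.0.2.5", "/pay/checkout", "sid-b")]
)


def score_clients(records, min_requests=5, critical_ratio=0.8, churn_ratio=0.8):
    """Flag clients whose traffic targets critical endpoints with high
    cookie and URL churn, regardless of how many requests they send."""
    stats = defaultdict(lambda: {"n": 0, "critical": 0,
                                 "cookies": set(), "urls": set()})
    for ip, url, cookie in records:
        s = stats[ip]
        s["n"] += 1
        path = url.split("?", 1)[0]
        if path.startswith(CRITICAL_PREFIXES):
            s["critical"] += 1
        s["cookies"].add(cookie)
        s["urls"].add(url)

    flagged = {}
    for ip, s in stats.items():
        if s["n"] < min_requests:
            continue  # not enough evidence for this client
        crit = s["critical"] / s["n"]
        cookie_churn = len(s["cookies"]) / s["n"]
        url_churn = len(s["urls"]) / s["n"]
        if crit >= critical_ratio and min(cookie_churn, url_churn) >= churn_ratio:
            flagged[ip] = {"requests": s["n"], "critical_ratio": crit,
                           "cookie_churn": cookie_churn, "url_churn": url_churn}
    return flagged


if __name__ == "__main__":
    for ip, detail in score_clients(SAMPLE_LOG).items():
        print(ip, detail)
```

Clients behind shared NAT or a proxy can look similar, so a heuristic like this is a signal to combine with other checks rather than a blocking rule on its own.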