The Cyber Security News
Linux botnet spreads using Log4Shell flaw

March 16, 2022


The B1txor20 botnet, which is spreading by means of the Log4Shell flaw, lets attackers gain shell access to Linux devices and install a rootkit.


Chinese security firm 360Netlab discovered and named the bot in February and publicly disclosed it this week. It takes the form of a backdoor for Linux that uses DNS tunnelling for its command and control (C2) communications.

The researchers observed the software propagating via the Log4Shell flaw in the Log4j logging library, which was first disclosed in December.

The domain information it uses to communicate with its C2 server is encrypted. Once the botnet client has decrypted it, it uses DNS queries to send its communications to the C2 domain, including stolen data and command execution results. The C2 server sends the next payload in the form of a DNS response.

The payload supports 14 commands, which include simple beaconing to the C2 server, uploading system information, reading and writing files, forwarding traffic, opening a shell, and executing arbitrary system commands. The backdoor can also start a proxy service.
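The C2 channel described above, with queries carrying stolen data and responses carrying the next payload, leaves a footprint in DNS logs that defenders can look for. The following is an added example, not code from this article or from 360Netlab's analysis: it scores three simple tunnelling heuristics (long subdomains, high-entropy subdomains, data-carrying record types) over a constructed query log. The log format, the thresholds and the domain c2-placeholder.test are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (epoch, client, qtype, qname); not real traffic.
SAMPLE_LOG = """\
1647400001 10.0.0.5 A www.example.com
1647400002 10.0.0.5 A cdn.example.com
1647400003 10.0.0.7 TXT 7a9f3c1e0b4d2f8a6c5e1d3b9f0a2c4e.c2-placeholder.test
1647400004 10.0.0.7 TXT e3b0c44298fc1c149afbf4c8996fb924.c2-placeholder.test
1647400005 10.0.0.7 TXT 9b74c9897bac770ffc029102a200c5de.c2-placeholder.test
1647400006 10.0.0.7 TXT 5d41402abc4b2a76b9719d911017c592.c2-placeholder.test
1647400007 10.0.0.5 AAAA mail.example.com
"""
# Record types rarely queried by ordinary hosts but roomy enough to carry data.
DATA_QTYPES = {"TXT", "NULL", "CNAME"}

def shannon_entropy(text: str) -> float:
    """Bits per character; encrypted or hex-encoded labels approach 4.0."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_qname(qname: str):
    """'a.b.example.com' -> ('a.b', 'example.com'); naive two-label parent (no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def analyze_dns_log(log_text: str, min_queries: int = 3) -> dict:
    """Score three tunnelling indicators per parent domain; two or more firing = suspicious."""
    per_parent = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of crashing on them
        sub, parent = split_qname(fields[3])
        per_parent[parent].append((fields[2].upper(), sub))
    report = {}
    for parent, entries in per_parent.items():
        if len(entries) < min_queries:
            continue  # too few queries to judge
        subs = [s for _, s in entries]
        avg_len = sum(map(len, subs)) / len(subs)              # long subdomains
        avg_ent = sum(map(shannon_entropy, subs)) / len(subs)  # high entropy
        data_share = sum(q in DATA_QTYPES for q, _ in entries) / len(entries)
        score = (avg_len > 20) + (avg_ent > 3.2) + (data_share > 0.5)
        report[parent] = {"queries": len(entries), "avg_len": avg_len, "avg_entropy": avg_ent,
                          "data_share": data_share, "suspicious": score >= 2}
    return report
```

On the sample above only c2-placeholder.test trips two or more indicators; on real resolver logs, tune the thresholds against a baseline of known-good traffic, since CDNs and some security products also issue long, high-entropy names.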

The botnet is buggy, according to the Netlab360 team, with one socket binding function rendered entirely inoperable by code errors. Still, enough of the code works to make it a threat.

“We presume that the creator of B1txor20 will continue to increase and open distinctive options according to various eventualities, so probably we will meet B1txor20’s siblings in the long term,” they claimed in an analysis of the malware.

Linux backdoors are popular for attacking the servers that run large parts of the internet. In November, criminals were found using one to compromise e-commerce sites with a software skimmer. In August, Trend Micro reported that hackers had been targeting outdated versions of the operating system to gain control of resources in the cloud.

Last month, VMware researchers identified increased ransomware attacks against Linux servers in multi-cloud operating environments and called for additional countermeasures.


Some parts of this post are sourced from:
www.itpro.co.uk

Copyright © TheCyberSecurity.News, All Rights Reserved.