The Cyber Security News

New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

March 16, 2022

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits.

Qihoo 360’s Netlab security team named it B1txor20 “based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.”



First observed propagating through the Log4j vulnerability on February 9, 2022, the malware leverages a technique known as DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses.


B1txor20, while still buggy in some respects, currently supports obtaining a shell, executing arbitrary commands, installing a rootkit, opening a SOCKS5 proxy, and uploading sensitive information back to the C2 server.

After a machine is successfully compromised, the malware uses the DNS tunnel to retrieve and execute commands sent by the server.


“Bot sends the stolen sensitive information, command execution results, and any other information that needs to be delivered, after hiding it using specific encoding techniques, to C2 as a DNS request,” the researchers elaborated.

“After receiving the request, C2 sends the payload to the Bot side as a response to the DNS request. In this way, Bot and C2 achieve communication with the help of DNS protocol.”
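The tunnel described above leaves a characteristic footprint in resolver logs: many distinct, long, high-entropy subdomains under one registered domain, often queried as TXT or NULL records so the response can carry data back. The following detector is an added example written for this article, not code from Netlab, The Hacker News, or any product; the log line format, the sample log lines, and the thresholds are all assumptions constructed for illustration, and the registered-domain split (last two labels) is a simplification a real deployment would replace with a public suffix list.

```python
"""Heuristic detection of DNS tunnelling in resolver query logs.

Added example (not from the article or from Netlab). Each registered domain
seen in the log is scored on four signals that C2-over-DNS tends to produce:
long subdomains, high-entropy subdomains, a high ratio of unique subdomains,
and a skew towards payload-carrying record types (TXT/NULL). A domain that
trips most signals is reported together with the signals it tripped.
"""
import math
import re
from collections import defaultdict

# Constructed sample log, one query per line: "<unix_ts> <client_ip> <qname> <qtype>"
# (assumed format; real resolver logs differ and need their own parser).
SAMPLE_LOG = """\
1647400001 10.0.0.5 www.example.com A
1647400002 10.0.0.5 mail.example.com MX
1647400003 10.0.0.7 a3f9c1e2b7d4a3f9c1e2b7d4a3f9c1e2.k9x2.tunnel-example.net TXT
1647400004 10.0.0.7 0b8e7d6c5a4f3e2d1c0b9a8f7e6d5c4b.k9x2.tunnel-example.net TXT
1647400005 10.0.0.7 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.k9x2.tunnel-example.net TXT
1647400006 10.0.0.7 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d.k9x2.tunnel-example.net TXT
1647400007 10.0.0.5 cdn.example.com A
1647400008 10.0.0.7 e5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0.k9x2.tunnel-example.net TXT
"""

PAYLOAD_QTYPES = {"TXT", "NULL"}  # record types whose answers can carry arbitrary bytes
LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, registered_domain) for a query name.

    Assumption for this example: the registered domain is the last two labels.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def domain_stats(log_text: str) -> dict:
    """Aggregate per-registered-domain counters from the log text."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "sub_len_total": 0, "entropy_total": 0.0,
                                 "payload_queries": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        _ts, _client, qname, qtype = m.groups()
        sub, dom = split_qname(qname)
        st = stats[dom]
        st["queries"] += 1
        st["subdomains"].add(sub)
        st["sub_len_total"] += len(sub)
        st["entropy_total"] += shannon_entropy(sub.replace(".", ""))
        if qtype in PAYLOAD_QTYPES:
            st["payload_queries"] += 1
    return stats


def flag_tunnels(log_text: str, min_queries: int = 3, min_mean_len: float = 30.0,
                 min_entropy: float = 3.0, min_unique_ratio: float = 0.8,
                 min_payload_ratio: float = 0.5, min_signals: int = 3) -> dict:
    """Map each suspicious registered domain to the list of signals it tripped.

    Thresholds are assumptions tuned to the constructed sample; they should be
    baselined against the traffic of the network being monitored.
    """
    flagged = {}
    for dom, st in domain_stats(log_text).items():
        n = st["queries"]
        if n < min_queries:
            continue
        signals = []
        if st["sub_len_total"] / n >= min_mean_len:
            signals.append("long_subdomains")
        if st["entropy_total"] / n >= min_entropy:
            signals.append("high_entropy")
        if len(st["subdomains"]) / n >= min_unique_ratio:
            signals.append("unique_subdomains")
        if st["payload_queries"] / n >= min_payload_ratio:
            signals.append("payload_qtypes")
        if len(signals) >= min_signals:
            flagged[dom] = signals
    return flagged


if __name__ == "__main__":
    for dom, signals in flag_tunnels(SAMPLE_LOG).items():
        print(f"suspicious domain {dom}: {', '.join(signals)}")
```

Run against the constructed log, only `tunnel-example.net` is reported (all four signals), while `example.com`, whose short, low-entropy names trip only the unique-subdomain ratio, is not. The unique-subdomain ratio alone is a weak signal because CDNs and legitimate services also rotate hostnames, which is why the detector requires several signals to agree before flagging a domain.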

A total of 15 commands are implemented, chief among them uploading system information, executing arbitrary system commands, reading and writing files, starting and stopping proxy services, and creating reverse shells.



Parts of this article are sourced from: thehackernews.com
