• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new shellbot ddos malware variants targeting poorly managed linux servers

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

You are here: Home / General Cyber Security News / New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
March 21, 2023

Badly managed Linux SSH servers are staying targeted as portion of a new marketing campaign that deploys distinctive variants of a malware identified as ShellBot.

“ShellBot, also regarded as PerlBot, is a DDoS Bot malware created in Perl and characteristically employs IRC protocol to converse with the C&C server,” AhnLab Security Unexpected emergency reaction Centre (ASEC) said in a report.

ShellBot is set up on servers that have weak qualifications, but only immediately after risk actors make use of scanner malware to detect methods that have SSH port 22 open.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


A listing of regarded SSH credentials is made use of to initiate a dictionary attack to breach the server and deploy the payload, soon after which it makes use of the Internet Relay Chat (IRC) protocol to converse with a distant server.

This encompasses the capacity to receive instructions that makes it possible for ShellBot to have out DDoS attacks and exfiltrate harvested info.

ASEC claimed it discovered three unique ShellBot versions – LiGhT’s Modded perlbot v2, DDoS PBot v2., and PowerBots (C) GohacK – the very first two of which offer a wide range of DDoS attack instructions employing HTTP, TCP, and UDP protocols.

PowerBots, on the other hand, will come with extra backdoor-like capabilities to grant reverse shell accessibility and add arbitrary data files from the compromised host.

The conclusions arrive just about 3 months just after ShellBot was utilized in attacks aimed at Linux servers that also dispersed cryptocurrency miners via a shell script compiler.

WEBINARDiscover the Concealed Risks of 3rd-Party SaaS Applications

Are you informed of the hazards associated with third-party application access to your company’s SaaS apps? Be part of our webinar to find out about the sorts of permissions getting granted and how to lower risk.

RESERVE YOUR SEAT

“If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks towards unique targets just after acquiring a command from the danger actor,” ASEC reported. “Moreover, the threat actor could use various other backdoor capabilities to set up added malware or start distinct varieties of attacks from the compromised server.”

The progress also will come as Microsoft revealed a gradual increase in the range of DDoS attacks focusing on health care organizations hosted in Azure, surging from 10-20 attacks in November 2022 to 40-60 attacks day-to-day in February 2023.

Uncovered this post fascinating? Abide by us on Twitter  and LinkedIn to read through more distinctive material we post.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «the best defense against cyber threats for lean security teams The Best Defense Against Cyber Threats for Lean Security Teams
Next Post: Greek intelligence allegedly uses Predator spyware to wiretap Facebook security staffer greek intelligence allegedly uses predator spyware to wiretap facebook security»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
  • US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
  • Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
  • New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America
  • The Importance of Managing Your Data Security Posture
  • Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
  • Insurers Predict $33bn Bill for Catastrophic “Cyber Event”
  • Chinese Phishing Gang “PostalFurious” Expands Campaign
  • Kaspersky Says it is Being Targeted By Zero-Click Exploits
  • North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.