• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new shellbot ddos malware variants targeting poorly managed linux servers

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

You are here: Home / General Cyber Security News / New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
March 21, 2023

Badly managed Linux SSH servers are staying targeted as portion of a new marketing campaign that deploys distinctive variants of a malware identified as ShellBot.

“ShellBot, also regarded as PerlBot, is a DDoS Bot malware created in Perl and characteristically employs IRC protocol to converse with the C&C server,” AhnLab Security Unexpected emergency reaction Centre (ASEC) said in a report.

ShellBot is set up on servers that have weak qualifications, but only immediately after risk actors make use of scanner malware to detect methods that have SSH port 22 open.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


A listing of regarded SSH credentials is made use of to initiate a dictionary attack to breach the server and deploy the payload, soon after which it makes use of the Internet Relay Chat (IRC) protocol to converse with a distant server.

This encompasses the capacity to receive instructions that makes it possible for ShellBot to have out DDoS attacks and exfiltrate harvested info.

ASEC claimed it discovered three unique ShellBot versions – LiGhT’s Modded perlbot v2, DDoS PBot v2., and PowerBots (C) GohacK – the very first two of which offer a wide range of DDoS attack instructions employing HTTP, TCP, and UDP protocols.

PowerBots, on the other hand, will come with extra backdoor-like capabilities to grant reverse shell accessibility and add arbitrary data files from the compromised host.

The conclusions arrive just about 3 months just after ShellBot was utilized in attacks aimed at Linux servers that also dispersed cryptocurrency miners via a shell script compiler.

WEBINARDiscover the Concealed Risks of 3rd-Party SaaS Applications

Are you informed of the hazards associated with third-party application access to your company’s SaaS apps? Be part of our webinar to find out about the sorts of permissions getting granted and how to lower risk.

RESERVE YOUR SEAT

“If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks towards unique targets just after acquiring a command from the danger actor,” ASEC reported. “Moreover, the threat actor could use various other backdoor capabilities to set up added malware or start distinct varieties of attacks from the compromised server.”

The progress also will come as Microsoft revealed a gradual increase in the range of DDoS attacks focusing on health care organizations hosted in Azure, surging from 10-20 attacks in November 2022 to 40-60 attacks day-to-day in February 2023.

Uncovered this post fascinating? Abide by us on Twitter  and LinkedIn to read through more distinctive material we post.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «the best defense against cyber threats for lean security teams The Best Defense Against Cyber Threats for Lean Security Teams
Next Post: Greek intelligence allegedly uses Predator spyware to wiretap Facebook security staffer greek intelligence allegedly uses predator spyware to wiretap facebook security»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.