New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
1 min read
Mar 26, 2023
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot.
"ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report.
ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.
A list of known SSH credentials is used to initiate a dictionary attack to breach the server and deploy the payload, after which it leverages the Internet Relay Chat (IRC) protocol to communicate with a remote server.
The link for this article located at The Hacker News is no longer available.
Related Articles
1 - 0 min read
KDE Issues Warning After Theme Wipes Linux Users
1 - 0 min read
Ubuntu Tool Could Trick Users Into Installing Rogue Packages
1 - 0 min read
8220 Hacker Group Attacking Windows & Linux Web Servers
1 - 0 min read
New SLAM Attack Threatens Future CPUs Security
