
Linux SSH servers targeted by novel ShellBot malware variants

Mismanaged Linux SSH servers are being targeted in a new attack campaign that distributes three new strains of the ShellBot DDoS bot malware, including PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, according to The Hacker News. Both DDoS PBot v2.0 and Modded perlbot v2 offer commands for launching distributed denial-of-service attacks, while PowerBots, whose capabilities are closer to those of a backdoor, could provide reverse shell access and arbitrary file uploading, a report from the AhnLab Security Emergency Response Center (ASEC) revealed. Attackers using the Perl-based ShellBot malware have been targeting systems with SSH port 22 open, using various SSH credentials in a dictionary attack and then deploying the payload, after which the Internet Relay Chat protocol is used for command-and-control server communications, researchers said. "If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets after receiving a command from the threat actor. Moreover, the threat actor could use various other backdoor features to install additional malware or launch different types of attacks from the compromised server," said ASEC.
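For defenders, the entry point described above (a dictionary attack on SSH that ends in a valid login) leaves a recognizable trail in the sshd authentication log. The following is an added example, not code from the article or from ASEC: it assumes the standard OpenSSH "Failed password" / "Accepted password" log messages, and the function name, the `min_failures` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth-log lines (documentation-range IPs, not real data).
SAMPLE_LOG = """\
Mar 20 03:11:01 host sshd[901]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 20 03:11:03 host sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar 20 03:11:05 host sshd[903]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2
Mar 20 03:11:07 host sshd[904]: Failed password for invalid user oracle from 203.0.113.7 port 40128 ssh2
Mar 20 03:11:09 host sshd[905]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar 20 03:11:11 host sshd[906]: Accepted password for root from 203.0.113.7 port 40132 ssh2
Mar 20 08:30:12 host sshd[950]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 20 08:30:20 host sshd[951]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar 20 09:00:01 host sshd[960]: Failed password for root from 192.0.2.44 port 33001 ssh2
Mar 20 09:00:02 host sshd[961]: Failed password for root from 192.0.2.44 port 33002 ssh2
Mar 20 09:00:03 host sshd[962]: Failed password for invalid user ftp from 192.0.2.44 port 33003 ssh2
Mar 20 09:00:04 host sshd[963]: Failed password for invalid user git from 192.0.2.44 port 33004 ssh2
Mar 20 09:00:05 host sshd[964]: Failed password for root from 192.0.2.44 port 33005 ssh2
"""

# Matches password-auth results, with or without the "invalid user" prefix.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guess_then_login(log_text, min_failures=5):
    """Return {ip: (failures_before_login, usernames_tried, account_logged_in)}
    for sources that guessed passwords repeatedly and then authenticated."""
    failures = defaultdict(list)
    hits = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif len(failures[ip]) >= min_failures and ip not in hits:
            hits[ip] = (len(failures[ip]), sorted(set(failures[ip])), user)
    return hits

if __name__ == "__main__":
    for ip, (count, tried, account) in find_guess_then_login(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed guesses ({', '.join(tried)}), then login as {account}")
```

A source flagged here warrants review of the account it logged in as; a source with many failures and no accepted login (192.0.2.44 in the sample) indicates guessing that did not succeed.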
