Breach, Malware

New technique leveraged in ShellBot DDoS attack against Linux SSH servers

Poorly secured Linux SSH servers have been subjected to attacks with the ShellBot distributed denial-of-service malware that involved the use of IP addresses modified into their hexadecimal form, reports The Hacker News. Hexadecimal IP addresses have been leveraged in new ShellBot attacks in a bid to bypass URL detection systems, according to a report from the AhnLab Security Emergency Response Center. "Due to the usage of curl for the download and its ability to support hexadecimal just like web browsers, ShellBot can be downloaded successfully on a Linux system environment and executed through Perl," said ASEC. Such a development follows another ASEC report detailing the exploitation of atypical certificates for the deployment of the RedLine Stealer variant RecordBreaker and Lumma Stealer information-stealing malware. "These types of malware are distributed via malicious pages that are easily accessible through search engines (SEO poisoning), posing a threat to a wide range of unspecified users," noted ASEC.
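
For defenders, one way to keep URL filtering from missing hexadecimal hosts is to canonicalize the host before matching. The following is an added example, not code from ASEC or the article; the function names are hypothetical, the sample addresses are constructed from the 192.0.2.0/24 documentation range, and it goes beyond the hexadecimal case in the report to cover the octal and single-integer forms of the same inet_aton notation.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One inet_aton-style component: 0x.. hex, leading-0 octal, or plain decimal.
_PART = re.compile(r"(?:0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)\Z", re.I)

def _to_int(part):
    if part.lower().startswith("0x"):
        return int(part, 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part)

def normalize_ipv4_host(host):
    """Return the dotted-quad form of an IPv4 literal written in any
    inet_aton notation (1 to 4 parts), or None if host is not one."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    *head, last = [_to_int(p) for p in parts]
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def inspect_url(url):
    """Return (canonical_ip, was_obfuscated) for IP-literal URLs, else None."""
    host = urlsplit(url).hostname
    if host is None:
        return None
    canonical = normalize_ipv4_host(host)
    if canonical is None:
        return None
    return canonical, host != canonical

if __name__ == "__main__":
    # Constructed sample URLs; 192.0.2.1 is a documentation address.
    for url in ("http://0xC0000201/sample", "http://3221225985/sample",
                "http://0300.0.02.01/sample", "http://192.0.2.1/sample",
                "http://example.com/sample"):
        print(url, "->", inspect_url(url))
```

Matching blocklists against the canonical address, and alerting when `was_obfuscated` is true, covers both the known-bad lookup and the unusual notation itself.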
