Breach, Malware

New technique leveraged in ShellBot DDoS attack against Linux SSH servers

Poorly secured Linux SSH servers have been subjected to attacks with the ShellBot distributed denial-of-service malware that involved the use of IP addresses modified into their hexadecimal form, reports The Hacker News. Hexidecimal IP addresses have been leveraged in new ShellBot attacks in a bid to bypass URL detection systems, according to a report from the AhnLab Security Emergency Response Center. "Due to the usage of curl for the download and its ability to support hexadecimal just like web browsers, ShellBot can be downloaded successfully on a Linux system environment and executed through Perl," said ASEC. Such a development follows another ASEC report detailing the exploitation of atypical certificates for the deployment of the RedLine Stealer variant RecordBreaker and Lumma Stealer information-stealing malware. "These types of malware are distributed via malicious pages that are easily accessible through search engines (SEO poisoning), posing a threat to a wide range of unspecified users," noted ASEC.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.