Security News > 2020 > August > FritzFrog Botnet Attacks Millions of SSH Servers
A peer-to-peer botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January.
SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers.
FritzFrog has attempted to compromise tens of millions of machines so far, and has successfully breached more than 500 servers in total, Guardicore researcher Ophir Harpaz said.
Once this initial syncing is finished, FritzFrog gets creative on the evasion-detection front when it comes to further communication from outside the botnet: "Instead of sending commands directly over port 1234, the attacker connects to the victim over SSH and runs a netcat client on the victim's machine," according to the analysis.
"Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog; consider changing their SSH port or completely disabling SSH access to them if the service is not in use."
News URL
https://threatpost.com/fritzfrog-botnet-millions-ssh-servers/158489/
Related news
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)