Security News > 2020 > August > FritzFrog Botnet Attacks Millions of SSH Servers

A peer-to-peer botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January.
SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers.
FritzFrog has attempted to compromise tens of millions of machines so far, and has successfully breached more than 500 servers in total, Guardicore researcher Ophir Harpaz said.
Once this initial syncing is finished, FritzFrog gets creative on the detection-evasion front when it comes to further communication from outside the botnet: "Instead of sending commands directly over port 1234, the attacker connects to the victim over SSH and runs a netcat client on the victim's machine," according to the analysis.
"Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog; consider changing their SSH port or completely disabling SSH access to them if the service is not in use."
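A host-side check for the two behaviours in the quoted analysis, a listener on port 1234 and a netcat client talking to it locally, as an added example that is not from Guardicore or the original article. It assumes `ss -H -tanp` output and that the netcat client connects over loopback; the sample lines and the process name `unknownd` are constructed.

```python
import re

C2_PORT = 1234                          # port named in the quoted analysis
NETCAT_NAMES = {"nc", "ncat", "netcat"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample of `ss -H -tanp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:1234 0.0.0.0:* users:(("unknownd",pid=4411,fd=5))
ESTAB 0 0 127.0.0.1:51522 127.0.0.1:1234 users:(("nc",pid=4630,fd=3))
ESTAB 0 0 127.0.0.1:1234 127.0.0.1:51522 users:(("unknownd",pid=4411,fd=9))
ESTAB 0 0 192.0.2.10:22 198.51.100.7:40112 users:(("sshd",pid=4602,fd=4))
ESTAB 0 0 192.0.2.10:48210 203.0.113.5:1234 users:(("curl",pid=5000,fd=3))
"""

def is_loopback(host):
    """True for IPv4/IPv6 loopback as printed by ss (assumption: numeric output)."""
    return host.startswith("127.") or host in ("::1", "[::1]")

def find_indicators(ss_output, port=C2_PORT):
    """Return (kind, process, pid) for sockets matching the described behaviour."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        # The process column is missing when ss runs without enough privilege.
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", None)
        local_port = local.rsplit(":", 1)[-1]
        peer_host, _, peer_port = peer.rpartition(":")
        if state == "LISTEN" and local_port == str(port):
            # Anything listening on the port deserves a look at the owning binary.
            findings.append(("listener", name, pid))
        elif (state == "ESTAB" and peer_port == str(port)
              and is_loopback(peer_host) and name in NETCAT_NAMES):
            # netcat talking to the local port: the relay pattern from the analysis.
            findings.append(("netcat-to-local-port", name, pid))
    return findings

if __name__ == "__main__":
    for kind, name, pid in find_indicators(SAMPLE_SS):
        print(f"{kind}: process={name} pid={pid}")
```

A hit is a lead for triage, not proof of infection: legitimate services can bind port 1234, so confirm the owning binary and its parent process before acting.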
News URL
https://threatpost.com/fritzfrog-botnet-millions-ssh-servers/158489/