Security News > 2020 > August > FritzFrog Botnet Attacks Millions of SSH Servers
A peer-to-peer botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January.
SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers.
FritzFrog has attempted to compromise tens of millions of machines so far, and has successfully breached more than 500 servers in total, Guardicore researcher Ophir Harpaz said.
Once this initial syncing is finished, FritzFrog gets creative on the evasion-detection front when it comes to further communication from outside the botnet: "Instead of sending commands directly over port 1234, the attacker connects to the victim over SSH and runs a netcat client on the victim's machine," according to the analysis.
"Routers and IoT devices often expose SSH and are thus vulnerable to FritzFrog; consider changing their SSH port or completely disabling SSH access to them if the service is not in use."
News URL
https://threatpost.com/fritzfrog-botnet-millions-ssh-servers/158489/
Related news
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)