Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux (Security News, November 2021)
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service attacks against targets.
While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 have been equipped with additional updates to strike Linux web servers that have weak passwords or are susceptible to N-day vulnerabilities, including a custom implementation of DDoS functionality, indicating that the malware is under continuous development.
Netlab's findings also build on a report from Trend Micro early last month, which publicized attacks targeting Huawei Cloud with cryptocurrency-mining and cryptojacking malware.
Once installed on a compromised host, the malware triggers a series of steps that result in the infected device being repurposed as a web server, in addition to reporting system information to a command-and-control server, spreading to new devices by scanning for open ports, and updating itself as and when new features are made available by its operators.
"Interesting thing is that the sample [updated] on October 21 uses the open-source ATK Rootkit to implement the DDoS function," a mechanism which the researchers said "Requires Abcbot to download the source code, compile, and load the rootkit module before performing [a] DDoS attack."
In a related development, AT&T Alien Labs took the wraps off a new Golang malware dubbed "BotenaGo" that has been discovered using over thirty exploits to potentially attack millions of routers and IoT devices.
Source: https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html