Linux botnet exploits Log4j flaw to hijack Arm, x86 systems
2022-03-16 18:05

A new Linux botnet is using the infamous Log4j vulnerability to install rootkits and steal data.

Researchers at Chinese internet security company Qihoo 360's Network Security Research Lab discovered the botnet family, which they dubbed B1txor20, as it was infecting new hosts via the Log4j vulnerability.

"In addition to the traditional backdoor functions, B1txor20 also has functions such as opening Socket5 proxy and remotely downloading and installing Rootkit," the threat researchers wrote.

In total, 360 Netlab found four different B1txor20 samples that the threat researchers said support 15 functions.

The threat researchers aren't putting it past the criminals to call on the unused code or fix the bugs in the future.

Finally, in what they deemed a "Small note," the threat researchers said the domain name has been registered for six years, "Which is kind [of] unusual?" Or maybe it points to excellent planning on the part of the miscreants.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/16/linux_botnet_log4j/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 376 2474 1533 666 5049
ARM 79 13 57 48 9 127