Linux botnet exploits Log4j flaw to hijack Arm, x86 systems
A new Linux botnet is using the infamous Log4j vulnerability to install rootkits and steal data.
Researchers at Chinese internet security company Qihoo 360's Network Security Research Lab discovered the botnet family, which they dubbed B1txor20, as it was infecting new hosts via the Log4j vulnerability.
"In addition to the traditional backdoor functions, B1txor20 also has functions such as opening Socket5 proxy and remotely downloading and installing Rootkit," the threat researchers wrote.
In total, 360 Netlab found four different B1txor20 samples that the threat researchers said support 15 functions.
The threat researchers aren't putting it past the criminals to call on the unused code or fix the bugs in the future.
Finally, in what they deemed a "Small note," the threat researchers said the domain name has been registered for six years, "Which is kind [of] unusual?" Or maybe it points to excellent planning on the part of the miscreants.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/16/linux_botnet_log4j/