Security News > 2023 > March > New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot.
ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.
ASEC said it identified three different ShellBot versions - LiGhT's Modded perlbot v2, DDoS PBot v2.0, and PowerBots GohacK - the first two of which offer a variety of DDoS attack commands using HTTP, TCP, and UDP protocols.
The findings come nearly three months after ShellBot was employed in attacks aimed at Linux servers that also distributed cryptocurrency miners via a shell script compiler.
"If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets after receiving a command from the threat actor," ASEC said.
The development also comes as Microsoft revealed a gradual increase in the number of DDoS attacks targeting healthcare organizations hosted in Azure, surging from 10-20 attacks in November 2022 to 40-60 attacks daily in February 2023.
News URL
https://thehackernews.com/2023/03/new-shellbot-ddos-malware-targeting.html
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)