New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

[MuzzMelbourne]

Content source

https://thehackernews.com/2023/03/new-shellbot-ddos-malware-targeting.html

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot.

"ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report.

ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.

A list of known SSH credentials is used to initiate a dictionary attack to breach the server and deploy the payload, after which it uses the Internet Relay Chat (IRC) protocol to communicate with a remote server.

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

Linux SSH servers with poor management targeted by new ShellBot malware campaign.

thehackernews.com

 

[MuzzMelbourne]

New Tsunami botnet targets Linux SSH servers

Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers.

securityaffairs.com

Hackers infect Linux SSH servers with Tsunami botnet malware

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner.

www.bleepingcomputer.com