"ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers"

The threat actors behind ShellBot, also known as PerlBot, are using IP addresses transformed into its hexadecimal notation in order to compromise inadequately managed Linux SSH servers and launch the Distributed Denial-of-Service (DDoS) malware. According to the AhnLab Security Emergency Response Center (ASEC), the download URL used by the threat actor to install ShellBot has changed from a standard IP address to a hexadecimal value. ShellBot is known to exploit servers with weak SSH credentials using a dictionary attack, and the malware is used to orchestrate DDoS attacks and distribute cryptocurrency miners. This article continues to discuss researchers' findings regarding ShellBot.

THN reports "ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers"

Submitted by grigby1
 

Submitted by Gregory Rigby on