"New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers"

As part of a new campaign, poorly managed Linux SSH servers are being targeted with several forms of malware called ShellBot. AhnLab Security Emergency Response Center (ASEC) explained that ShellBot, also known as PerlBot, is a Distributed Denial-of-Service (DDoS) bot malware written in Perl that uses the Internet Relay Chat (IRC) protocol to connect with the command-and-control (C2) server. ShellBot is installed on servers with weak passwords after threat actors use scanner malware to detect systems with SSH port 22 open. Using a list of known SSH credentials, a dictionary attack is initiated to breach the server and install the payload, after which the IRC protocol is used to communicate with a remote server. This includes the ability to receive commands that enable ShellBot to execute DDoS attacks and exfiltrate gathered data. ASEC reported identifying three different ShellBot variants. This article continues to discuss the new ShellBot DDoS malware variants targeting Linux SSH servers.

THN reports "New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers"