32.Lock Code Circular

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot.

"ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report.

ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.

A list of known SSH credentials is used to initiate a dictionary attack to breach the server and deploy the payload, after which it leverages the Internet Relay Chat (IRC) protocol to communicate with a remote server.