Discover Server Security News
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot.
"ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report.
ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.
A list of known SSH credentials is used to initiate a dictionary attack to breach the server and deploy the payload, after which it leverages the Internet Relay Chat (IRC) protocol to communicate with a remote server.