ShellBot DDoS Malware Attacks Poorly Managed Linux SSH Servers

A new malware campaign called ShellBot targets poorly managed Linux SSH servers.

According to an AhnLab Security Emergency Response Center (ASEC) report, ShellBot, also known as PerlBot, is a DDoS bot malware written in Perl that communicates with its C&C server over IRC.

Although it is old malware, ShellBot has been attacking Linux systems for years.

Malware attacks on desktop systems often occur through web browsers or email attachments. Threat actors also often distribute malware disguised as legitimate software to trick users into installing it.

Threat actors use different strategies against server systems. These attacks target poorly managed or unpatched services.

On Windows operating systems, RDP and SQL Server are attack vectors.
On Linux servers, SSH is often attacked. Dictionary attacks have also targeted Telnet in IoT environments running old Linux servers or embedded Linux OSes.

IRC is a real-time Internet chat system that lets users join channels and interact with other users.

IRC bots are bot malware that communicate with a C&C server over the internet using the IRC protocol.
An IRC bot on a compromised system joins a channel on an IRC server designated by the threat actor, then sends stolen data or executes strings sent by the attacker.

Threat actors have used ShellBot extensively. Based on its commands, traits, and the DDoS attacks seen during installation, ShellBot is divided into three types.

The server is compromised through a dictionary attack that uses a list of known SSH credentials, after which the payload is delivered. The attacker then contacts a remote server through the Internet Relay Chat (IRC) protocol.
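
A defender can look for this pattern in sshd authentication logs: repeated failed password attempts from one source and, in the worst case, a successful login after them. The following is an added example, not code from the ASEC report; the log lines are constructed, and the five-failure threshold and the status names are assumptions. For brevity it counts over the whole log rather than a time window.

```python
import re
from collections import defaultdict

# OpenSSH sshd password-authentication messages.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Mar 20 03:11:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51230 ssh2
Mar 20 03:11:03 web1 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 51232 ssh2
Mar 20 03:11:05 web1 sshd[4105]: Failed password for invalid user oracle from 203.0.113.7 port 51234 ssh2
Mar 20 03:11:07 web1 sshd[4107]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 20 03:11:09 web1 sshd[4109]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 20 03:11:11 web1 sshd[4111]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Mar 20 09:02:10 web1 sshd[5001]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Mar 20 09:02:18 web1 sshd[5003]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Mar 20 11:40:00 web1 sshd[6001]: Failed password for invalid user pi from 192.0.2.55 port 33000 ssh2
Mar 20 11:40:02 web1 sshd[6003]: Failed password for invalid user ubuntu from 192.0.2.55 port 33002 ssh2
Mar 20 11:40:04 web1 sshd[6005]: Failed password for invalid user git from 192.0.2.55 port 33004 ssh2
Mar 20 11:40:06 web1 sshd[6007]: Failed password for root from 192.0.2.55 port 33006 ssh2
Mar 20 11:40:08 web1 sshd[6009]: Failed password for root from 192.0.2.55 port 33008 ssh2
"""

def classify(log_text, min_failures=5):
    """Map source IP -> (status, account) for password-guessing sources."""
    failures = defaultdict(int)
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= min_failures:
                # Repeated failures alone: guessing in progress.
                verdicts.setdefault(ip, ("guessing", None))
        elif failures[ip] >= min_failures:
            # Success after many failures: a credential was likely guessed.
            verdicts[ip] = ("guessed-login", user)
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, *verdict)
```

A `guessed-login` result is the case to investigate first: the account named in it should have its password changed and the host checked for dropped Perl scripts and outbound IRC connections.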

PowerBots can upload files from compromised hosts and grant reverse shell access.

Nearly three months ago, ShellBot was used to infect Linux servers with cryptocurrency miners, which were distributed using shell script compilers.