An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- BoingBoing
- Engadget
- Technology Review
- Abduzeedo
- Crazy Leaf Design
- My Ink Blog
- Web Design Ledger
- Specky Boy
- Android Dissected
- Willems Lab
Help Webnuz
Referal links:
August 25, 2020 09:40 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iS0T0eEd780/a-new-botnet-is-covertly-targeting-millions-of-servers
A New Botnet Is Covertly Targeting Millions of Servers
An anonymous reader quotes a report from Wired: FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe. Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down. The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including: In-memory payloads that never touch the disks of infected servers; At least 20 versions of the software binary since January; A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines; The ability to backdoor infected servers; and A list of login credential combinations used to suss out weak login passwords that's more "extensive" than those in previously seen botnets. Taken together, the attributes indicate an above-average operator who has invested considerable resources to build a botnet that's effective, difficult to detect, and resilient to takedowns. The new code base -- combined with rapidly evolving versions and payloads that run only in memory -- make it hard for antivirus and other end-point protection to detect the malware. The botnet has so far succeeded in infecting 500 servers belonging to "well-known universities in the US and Europe, and a railway company."Once installed, the malicious payload can execute 30 commands, including those that run scripts and download databases, logs, or files. To evade firewalls and endpoint protection, attackers pipe commands over SSH to a netcat client on the infected machine. Netcat then connects to a "malware server." (Mention of this server suggests that the FritzFrog peer-to-peer structure may not be absolute. Or it's possible that the "malware server" is hosted on one of the infected machines, and not on a dedicated server. Guardicore Labs researchers weren't immediately available to clarify.)Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iS0T0eEd780/a-new-botnet-is-covertly-targeting-millions-of-servers
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot