Linux SSH servers targeted by new RapperBot botnet
BleepingComputer reports that Linux SSH servers have been under brute-force attack since mid-June from RapperBot, a new botnet based on the Mirai trojan.
More than 3,500 unique IP addresses around the world have been scanned by RapperBot as it sought to brute-force Linux SSH servers, according to a report from Fortinet. Despite being a forked version of Mirai, RapperBot was found to have unique functionality, as well as a dedicated command-and-control protocol and post-compromise activity mainly aimed at achieving initial server access.
"Unlike the majority of Mirai variants, which natively brute force Telnet servers using default or weak passwords, RapperBot exclusively scans and attempts to brute force SSH servers configured to accept password authentication. The bulk of the malware code contains an implementation of an SSH 2.0 client that can connect and brute force any SSH server that supports Diffie-Hellman key exchange with 768-bit or 2048-bit keys and data encryption using AES128-CTR," said researchers.
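Since the botnet only works against servers that accept password authentication, a defender can check whether a host's sshd configuration leaves that path open. The following is an added example, not code from Fortinet or BleepingComputer: it audits sshd_config text for password-style logins, and the function names, default table and sample configurations are assumptions made for illustration.

```python
# Added example: flag sshd_config settings that leave password logins enabled.
# Upstream OpenSSH defaults for absent keywords (assumption: distro builds may differ).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (global settings, Match blocks); sshd keeps the first value per keyword."""
    glob, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            current = {"criteria": value, "settings": {}}
            matches.append(current)
            continue
        target = glob if current is None else current["settings"]
        target.setdefault(key, value.lower())
    return glob, matches

def audit(text):
    """List (scope, keyword, source) for every place password-style auth is on."""
    glob, matches = parse(text)
    findings = []
    for key, default in DEFAULTS.items():
        if glob.get(key, default) == "yes":
            findings.append(("global", key, "explicit" if key in glob else "default"))
    for block in matches:
        for key in DEFAULTS:
            if block["settings"].get(key) == "yes":
                findings.append(("match " + block["criteria"], key, "explicit"))
    return findings

# Constructed sample configurations, not taken from any real host.
WEAK = """Port 22
PasswordAuthentication yes
PasswordAuthentication no   # ignored by sshd: the first value wins
"""
HARDENED = """PasswordAuthentication no
ChallengeResponseAuthentication no   # deprecated alias of KbdInteractiveAuthentication
PubkeyAuthentication yes
Match User legacy
    PasswordAuthentication yes       # re-enables passwords for one account
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The parser does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration and is the authoritative check.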