Network Security

Virtual private servers targeted by SystemBC proxy botnet

botnet bot-net computer virus

Commercial virtual private servers, which have been compromised through vulnerability exploits, have accounted for nearly 80% of daily bots used by the SystemBC proxy botnet as a proxy highway, enabling infections that last longer than average, according to BleepingComputer.

Attackers have leveraged easily exploitable flaws to infect the VPS systems, which then allowed high-volume traffic before downloading a shell script that orders SystemBC execution, a report from Lumen Technology's Black Lotus Labs revealed.

Researchers also found that an IP address was able to produce 16 GB of proxy data following SystemBC malware execution in a simulated environment.

"This amount of data is an order of magnitude greater than what is commonly observed in typical proxy networks," researchers added.

Further analysis revealed that over 80 command-and-control servers have been used by SystemBC to establish connections with a compromised proxy server while powering the other proxy network services, including REM Proxy.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds