After lying low, SSH botnet mushrooms and is harder than ever to take down

by Dan Goodin, from Ars Technica
Two years ago, researchers stumbled upon one of the Internet's most intriguing botnets: a previously undiscovered network of 500 servers, many in well-known universities and businesses around the world, that was impervious to normal takedown methods. After lying low for 16 months, those researchers said, the botnet known as FritzFrog is back with new capabilities and a larger base of infected machines.

SSH servers, beware

FritzFrog targets just about anything with an SSH, or secure shell, server (cloud instances, data center servers, routers, and the like) and installs an unusually advanced payload that was written from scratch. When researchers from security firm Guardicore Labs (now Akamai Labs) reported it in mid-2020, they called it a "next-generation" botnet because of its full suite of capabilities and well-engineered design.

It used a decentralized, peer-to-peer architecture that distributed administration among many infected nodes rather than a central server, making it hard to detect or take down using traditional methods. Some of its advanced traits included:
