A New Botnet Is Covertly Targeting Millions of Servers

Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world.



This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.



The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

“What was intriguing about this campaign was that, at first sight, there was no apparent command-and-control (CNC) server being connected to,” Guardicore Labs researcher Ophir Harpaz wrote. “It was shortly after the beginning of the research when we understood no CNC existed in the first place.”


The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including:


In-memory payloads that never touch the disks of infected servers
At least 20 versions of the software binary since January
A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines
The ability to backdoor infected servers
A list of login credential combinations used to suss out weak logi ..
