Botnet Conducts Brute Force Attacks

A server-based botnet that attacks unsecure websites is currently launching a flood of attacks over the Internet, according to security researchers.

The attacks are attempting to hack secure shells protecting Linux boxes, routers and other network devices by guessing the login credentials.

The botnet hits websites that run an outdated version of phpMyAdmin, according to researchers. The vulnerability, which was patched back in April, is exploited by the botnet which installs a file which searches the Internet for devices using the SSH protocol for protection.

“This bot then conducts brute force SSH attacks on random IP addresses specified by the bot herder,” one user wrote.

A monitoring service run by the SANS Institute noted a six-time increase in sources participating in SSH scans in the past few weeks.

Related posts:

1. Botnet Assaults CIA
2. UA Student Pleads Guilty to Launching Botnet Attacks
3. Botnet Changes Tactics
4. Botnet Infiltrated by Researchers
5. Short-Lived Victory in Zeus Botnet Disruption