After lying low, SSH botnet mushrooms and is harder than ever to take down

Rows of 1950s-style robots operate computer workstations.

Enlarge (credit: Aurich Lawson / Ars Technica)

Two years ago, researchers stumbled upon one of the Internet’s most intriguing botnets: a previously undiscovered network of 500 servers, many in well-known universities and businesses around the world, that was impervious to normal takedown methods. After lying low for 16 months, those researchers said, the botnet known as FritzFrog is back with new capabilities and a larger base of infected machines.

SSH servers, beware

FritzFrog targets just about anything with an SSH, or secure shell, server—cloud instances, data center servers, routers, and the like—and installs an unusually advanced payload that was written from scratch. When researchers from security firm Guardicore Labs (now Akamai Labs) reported it in mid-2020, they called it a “next-generation” botnet because of its full suite of capabilities and well-engineered design.

It was a decentralized, peer-to-peer architecture that distributed administration among many infected nodes rather than a central server, making it hard to detect or take it down using traditional methods. Some of its advanced traits included:

Read 14 remaining paragraphs | Comments



https://ift.tt/jnV3WAf

Comments