Security researchers have discovered that the threat actors behind ShellBot, also known as PerlBot, are now using hexadecimal IP addresses to infiltrate Linux SSH servers. ShellBot is known for targeting servers with weak SSH credentials and deploying DDoS malware.
By using hexadecimal IP addresses in download URLs, the attackers attempt to evade detection, making it more challenging for security systems to identify and block the malicious traffic. This technique signals continued usage of ShellBot in attacks against Linux systems, highlighting the importance of maintaining strong passwords and changing them regularly to resist dictionary and brute-force attacks.
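Because a hexadecimal host resolves to the same server as its dotted-quad form, URL hosts need to be canonicalized before they are compared against a blocklist. The sketch below is an added example, not code from the report; the function names are hypothetical, and the addresses are constructed samples from the RFC 5737 documentation range. It goes beyond the hexadecimal case by also handling the decimal and octal forms accepted by inet_aton-style parsers.

```python
import re
from urllib.parse import urlsplit

# One inet_aton-style number: 0x.. hex, leading-0 octal, or plain decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def _parse_part(text):
    if not _PART.fullmatch(text):
        return None
    if text[:2].lower() == "0x":
        return int(text, 16)
    return int(text, 8) if len(text) > 1 and text[0] == "0" else int(text)

def canonical_ipv4(host):
    """Return the dotted-quad form of any inet_aton-style IPv4 literal, else None."""
    parts = host.split(".")
    nums = [_parse_part(p) for p in parts]
    if len(parts) > 4 or None in nums:
        return None
    *head, last = nums
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def scan(urls, blocklist):
    """Return (url, canonical_ip, obfuscated) for URLs whose host is blocklisted."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        ip = canonical_ipv4(host)
        if ip in blocklist:
            hits.append((url, ip, ip != host))
    return hits

# Constructed sample data (RFC 5737 documentation addresses, not real indicators).
BLOCKLIST = {"192.0.2.1"}
SAMPLE_URLS = [
    "http://192.0.2.1/file",      # plain dotted quad
    "http://0xC0000201/file",     # hexadecimal
    "http://3221225985/file",     # decimal dword
    "http://0300.0.02.01/file",   # octal parts
]

if __name__ == "__main__":
    print(*scan(SAMPLE_URLS, BLOCKLIST), sep="\n")
```

The third tuple field marks hosts written in a non-canonical form, which is worth alerting on by itself since legitimate software rarely emits such URLs.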
Additionally, the report reveals that attackers are leveraging abnormal certificates with unusually long strings for Subject Name and Issuer Name fields to distribute information stealer malware. These malicious pages are easily accessible through search engines, posing a threat to a wide range of users.
The pages often use keywords associated with illegal programs, such as serials, keygens, and cracks. The evolving tactics and techniques of cybercriminals underscore the importance of strong security measures and regular vigilance to protect systems and data from these types of threats.