Bots Targeting SSH Servers and Brute-Forcing Entry

[silversurfer]

Botnets have been growing more prevalent, and SophosLabs has discovered a new family of denial-of-service (DoS) bots used in distributed denial-of-service (DDoS) attacks. The family, dubbed Chalubo, has been used in attacks targeting internet-facing SSH servers on Linux-based systems, according to SophosLabs.

Using the ChaCha stream cipher, the attackers encrypt the bot and its Lua script, which researchers said is an indication of a Linux malware evolution. The anti-analysis techniques are principles more commonly used to thwart detection in Windows malware, though Chalubo does incorporate code from both the Xor DDoS and other Mirai malware families.

Source: https://www.infosecurity-magazine.com/ne...teforcing/