Stories
Slash Boxes
Comments

SoylentNews is people

New P2P Botnet Infects SSH Servers All Over the World

posted by Fnord666 on Monday August 24 2020, @11:02AM   Printer-friendly
from the pwned dept.

upstart writes in with an IRC submission for nutherguy:

New P2P botnet infects SSH servers all over the world:

Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world.

The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. P2P botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

"What was intriguing about this campaign was that, at first sight, there was no apparent command and control (CNC) server being connected to," Guardicore Labs researcher Ophir Harpaz wrote. "It was shortly after the beginning of the research when we understood no CNC existed in the first place."

Original Submission

 
This discussion has been archived. No new comments can be posted.
New P2P Botnet Infects SSH Servers All Over the World | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by RS3 on Tuesday August 25 2020, @05:07AM (1 child)

    by RS3 (6367) on Tuesday August 25 2020, @05:07AM (#1041491)

    Sorry- I meant to add: I agree that fail2ban (or similar) should stave off the initial brute.

    Regarding root login- do people allow root login over ssh? I don't want to be one of those cantankerous jerks that say "then they deserve what they get" so I'll refrain from saying that. But it's possible just the same. :)

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by VLM on Wednesday August 26 2020, @05:01PM

    by VLM (445) on Wednesday August 26 2020, @05:01PM (#1042230)

    do people allow root login over ssh?

    Sometimes I set my sshd config to allow that but only using preshared keys not using typed in passwords.

    The problem with sudo is it arrived as a tech right about the time virtualization and automated configuration and containerization made it obsolete. Other than troubleshooting diagnosis and development, there's really not much reason to do root stuff in a machine anymore. Like I don't log into physical freebsd servers and "pkg upgrade" as root anymore, its more like update the template for all machines then spin up new DEV TEST or PROD images automatically based on that golden upgraded template. If it passes TEST, I guess its good?