
posted by Fnord666 on Monday August 24 2020, @11:02AM   Printer-friendly
from the pwned dept.

New P2P botnet infects SSH servers all over the world:

Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world.

The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. P2P botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

"What was intriguing about this campaign was that, at first sight, there was no apparent command and control (CNC) server being connected to," Guardicore Labs researcher Ophir Harpaz wrote. "It was shortly after the beginning of the research when we understood no CNC existed in the first place."


  • (Score: 0) by Anonymous Coward on Monday August 24 2020, @01:09PM (#1041114) (1 child)

    Does it have a public key that it responds to? When whoever has the private key sends a signed command to one of the bots, it then responds and sends the signed command to other bots via P2P?

    Where does the intelligence that it collects get routed and stored? How does that get managed? It seems like it would be difficult to manage intelligence from a whole bunch of computers within a decentralized botnet in a way that would let the person with the private key easily gain access to it. Unless each computer stores information about each other computer so that the one person that has the private key can collect information from each computer one by one. That would seem like a weakness. Or if each computer shared all sought out information with each other computer ... ?

    I guess if the person with the private key wants to send out, say, a DDoS attack on a specific website without intelligence gathering involved, this could work. The response time might be slow and clunky, maybe? It would assume all nodes are able to maintain their connection with each other as IP addresses and other variables change. It would have to be kinda like a traditional P2P network: each node would have to have information about multiple other nodes so that if, for instance, it gets disconnected and reconnected under a different IP address with different variables, it can keep trying to contact several other nodes until it finds one that works, then get information about other live nodes to maintain the connection and spread its information to all the other nodes so they can keep track of its connection parameters.

    The person with the desired private key, I suppose, queries one of the nodes for other nodes and can do a P2P search for the desired information from other nodes, so I guess information gathering can work kinda like a traditional P2P network.

    This is confusing.

  • (Score: 0) by Anonymous Coward on Tuesday August 25 2020, @06:08AM (#1041504)

    If it's using ssh, it might be loading the magic through some ssh dotfiles.
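The comment above points at SSH dotfiles as a likely loading point. From the defender's side, the files OpenSSH honours on login are a small, well-defined set: a user's `~/.ssh/rc` is executed by sshd on every login for that account, and `authorized_keys` entries can carry `command="..."` (forced command) and `environment="..."` options. The script below is an added example written for this post; it is not code from the article, Guardicore, or the commenters. It audits one `.ssh` directory for those hooks and counts them, and it runs only against a constructed temporary directory with made-up key material.

```shell
#!/bin/sh
# Added defender-side example: audit one user's .ssh directory for the
# login hooks OpenSSH honours.
#  - DIR/rc is executed by sshd on every login for that user
#  - DIR/authorized_keys entries may carry command="..." (forced command)
#    or environment="..." options, which run code or alter the environment
# The directory and key strings used in the demo are constructed, not real.

# count_ssh_findings DIR -> prints the number of hooks found in DIR
count_ssh_findings() {
    dir="$1"
    n=0
    [ -f "$dir/rc" ] && n=$((n + 1))
    if [ -f "$dir/authorized_keys" ]; then
        # grep -c prints 0 and exits 1 when nothing matches; keep the 0
        k=$(grep -cE '(^|[, ])(command|environment)=' "$dir/authorized_keys" || true)
        n=$((n + k))
    fi
    echo "$n"
}

# report_ssh_findings DIR -> prints one line per hook; returns 1 if any found
report_ssh_findings() {
    dir="$1"
    [ -f "$dir/rc" ] && echo "HOOK rc-script $dir/rc"
    if [ -f "$dir/authorized_keys" ]; then
        grep -nE '(^|[, ])(command|environment)=' "$dir/authorized_keys" |
            sed "s|^|HOOK key-option $dir/authorized_keys:|"
    fi
    [ "$(count_ssh_findings "$dir")" -eq 0 ]
}

# Demonstration on a constructed directory; no real account is touched.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
printf '%s\n' \
    'ssh-ed25519 AAAA-constructed-key-1 admin@example' \
    'command="/tmp/.update",no-pty ssh-rsa AAAA-constructed-key-2 unknown' \
    > "$demo/.ssh/authorized_keys"
printf '#!/bin/sh\necho constructed rc hook\n' > "$demo/.ssh/rc"
report_ssh_findings "$demo/.ssh" \
    || echo "review needed: $(count_ssh_findings "$demo/.ssh") hook(s) in $demo/.ssh"
rm -rf "$demo"
```

Run it per home directory (and against `/etc/ssh/sshrc`, which plays the same role system-wide) and compare the output with what the account owner expects; a forced command or an `rc` script nobody remembers adding is worth a closer look regardless of which campaign is in the news.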