Admin
A server-based botnet that attacks unsecure websites is currently launching a flood of attacks over the Internet, according to security researchers.
The attacks are attempting to hack secure shells protecting Linux boxes, routers and other network devices by guessing the login credentials.
The botnet hits websites that run an outdated version of phpMyAdmin, according to researchers. The vulnerability, which was patched back in April, is exploited by the botnet which installs a file which searches the Internet for devices using the SSH protocol for protection.
“This bot then conducts brute force SSH attacks on random IP addresses specified by the bot herder,“ one user wrote.
A monitoring service run by the SANS Institute noted a six-time increase in sources participating in SSH scans in the past few weeks.
