Botnets come in handy for malicious attackers who conduct cybersecurity attacks.
Ebury is one such botnet malware that has been troubling Linux servers since 2009.
Even after fifteen years, it remains in existence, evolving and using new tactics.
ESET researchers published a new report describing how the malware infects a server and the measures that prevent it from spreading further.
What's Ebury Botnet Malware, and What Is Its Impact?
Ebury botnet malware steals credentials from the compromised servers.
In 15 years, Ebury successfully infiltrated over 400K Linux servers.
That isn't a small number, but ESET says that only about 25 percent of them remain compromised.
That still means nearly 100K servers are infected today, with their owners unaware of Ebury's presence.
ESET regularly deploys honeypots to lure Ebury's operators into infecting them so that researchers can study the malware.
But over time, the honeypots have become less effective at catching Ebury's infections.
In one such incident, the malware brazenly sent a "Hello ESET honeypot" message.
The malware is improving at identifying honeypots, making it more difficult for researchers.
Ebury loves targeting hosting providers because they open gates to multiple servers.
Rather than going after one server, the operators prefer to capture and snoop on many servers at once.
ESET rented a virtual server, and Ebury infected it in less than a week.
Hackers also love intercepting traffic and redirecting users to servers that capture credentials.
Cryptocurrency nodes are prime targets because compromising them gives the attackers access to wallet credentials, which they then use to transfer the money.
The malware is exceptionally good at covering tracks.
It uses new obfuscation techniques to hide from the admin's eyes.
To learn more about the malware, check out the official research paper.
You can also try an Ebury detection script that is available on GitHub.
source: www.techworm.net