What is Shellbot Botnet

Shellbot Botnet is a botnet that primarily attacks Linux servers and vulnerable Internet of Things (IoT) devices. Cybersecurity company TrendMicro were the ones who uncovered the hacking group (which they named “Outlaw”) distributing the malware. Shellbot Botnet

“We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot.”

The group is reportedly responsible for compromising FTP servers of a Japanese art institution and a goverment site in Bangladesh. According to TrendMicro, they then linked the compromised servers to a high availability cluster to host an IRC bouncer, which they then used to command and control the emerging botnet.

“Aside from finding several exploit files that allowed us to understand how the initial exploit on the first server worked, we also found configuration files of the hackers’ toolset that allowed them to target organizations through DoS and SSH brute force, using so-called “class files.” Moreover, this suggests that the threat actors were building a botnet that can be used for cybercriminal purposes.”

Attackers have distributed the bot via an exploit targeting the ShellShock vulnerability in the past, but it has now been noted to be spread through the Drupalgeddon2 vulnerability. It seems that the malware primarily attacks IoT devices and Linux servers, but can also affect Windows-based environments and Android devices. In the attacks that have been analyzed, hackers reportedly took advantage of previously brute-forced or compromised hosts.

So far, no widespread attacks from the group have been noticed.

How to remove Shellbot Botnet malware

The malware should be detected by credible anti-malware software, such as ESET, Symantec and BitDefender. You can find a list of detections here.

  • Perl/Shellbot.NAI by ESET
  • Backdoor.Perl.Shellbot.B by BitDefender
  • BV:Shellbot-A [Expl] by Avast/AVG
  • SecurityRisk.gen1 by Symantec
  • Backdoor:Perl/Shellbot.Z by Microsoft

Offers

More information about SpyWarrior and Uninstall Instructions. Please review SpyWarrior EULA and Privacy Policy. SpyWarrior scanner is free. If it detects a malware, purchase its full version to remove it.

  • WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

    Download|more
  • Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

    Download|more
  • While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...

    Download|more

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply