FreakOut Botnet Targeting Linux Systems

Another new botnet is targeting unpatched Linux systems with DDoS, ARP poisoning, and other nefarious attacks.

The era of attacks on the Linux platform is nigh. Nefarious ne'er-do-wells have realized Linux is powering enterprise businesses, and they're cashing in on that reality, this time with a botnet capable of launching DDoS attacks, ARP poisoning, hidden crypto-mining, brute-force attacks, and more.

The FreakOut botnet was first discovered in November of 2020, but resurfaced this month. The current targets of the botnet are TerraMaster data storage units, web applications built with the Zend PHP Framework, and Liferay Portal CMS websites. However, according to Check Point, FreakBot is currently mass-scanning the internet for vulnerable applications and employing exploits to gain control of the underlying Linux system via the following vulnerabilities:

Once FreakOut has gained access to the system, it downloads a Python script that connects the infected system to a remote IRC channel. Through that channel the attacker can send commands to gather information from the system, create and send UDP/TCP packets, execute telnet brute-force attacks, run port scans, execute ARP poisoning attacks on the connected LAN, kill local processes, and more.

To prevent FreakOut from attacking your Linux systems, it's crucial to make sure they are always up to date, so run those upgrades regularly.
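For hosts that may already be affected, the Python-script-to-IRC link described above is something a defender can look for. The following is an added example, not code from the article or from Check Point: it scans `ss -tnp` output for Python interpreters holding established connections to IRC ports. The port set (6667, 6697), the function names, and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: conventional IRC ports (6667 plaintext, 6697 TLS). The article
# does not say which port the botnet's IRC server uses; adjust to your telemetry.
IRC_PORTS = {6667, 6697}
PYTHON_RE = re.compile(r"^python[\d.]*$")            # python, python3, python3.8
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

# Constructed sample of `ss -tnp` output (documentation address ranges only).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port     Process
ESTAB  0      0      10.0.0.5:22           10.0.0.9:51234        users:(("sshd",pid=812,fd=4))
ESTAB  0      0      10.0.0.5:48712        203.0.113.7:6667      users:(("python3",pid=2201,fd=3))
ESTAB  0      0      [2001:db8::5]:40022   [2001:db8::99]:6697   users:(("python",pid=2307,fd=5))
ESTAB  0      0      10.0.0.5:50100        198.51.100.20:443     users:(("python3",pid=2400,fd=6))
ESTAB  0      0      10.0.0.5:50222        203.0.113.7:6667      users:(("irssi",pid=3000,fd=7))
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def find_python_irc_connections(ss_output, irc_ports=IRC_PORTS):
    """Return established connections to IRC ports owned by a Python interpreter."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue                                  # header, listeners, no -p data
        try:
            peer_host, peer_port = split_endpoint(fields[4])
        except ValueError:
            continue                                  # wildcard or malformed peer
        if peer_port not in irc_ports:
            continue
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            key = (int(pid), peer_host, peer_port)
            if PYTHON_RE.match(name) and key not in seen:
                seen.add(key)                         # one finding per pid/peer pair
                findings.append({"pid": int(pid), "process": name,
                                 "peer": peer_host, "port": peer_port})
    return findings

if __name__ == "__main__":
    for hit in find_python_irc_connections(SAMPLE_SS_OUTPUT):
        print("review: {process} pid={pid} -> {peer}:{port}".format(**hit))
```

A hit is a lead for triage rather than proof of infection; on a live host, feed the function the output of `ss -tnp` run as root so process names are included.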

01/25/2021