Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including:
- In-memory payloads that never touch the disks of infected servers
- At least 20 versions of the software binary since January
- A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines
- The ability to backdoor infected servers
- A list of login credential combinations, used to suss out weak login passwords, that is more “extensive” than those in previously seen botnets
Administrators who don’t protect SSH servers with both a strong password and a cryptographic certificate may already be infected with malware that’s hard for the untrained eye to detect.