AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

guest · Apr 27, 2019

AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server
April 27, 2019
https://www.securityweek.com/aesddos-botnet-targets-vulnerability-atlassian’s-confluence-server

The attack attempts to exploit a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Confluence Server to install malware capable of performing distributed denial of service (DDoS) attacks, remote code execution, and crypto-currency mining.

Once installed on a system, the malware can collect various information and send it to the attackers, including model ID and CPU description, speed, family, model, and type. The gathered data and data received from the command and control (C&C) server is encrypted using the AES algorithm.

The security researchers also noticed that this AESDDoS variant can modify files as an autostart technique by appending the {malware path}/{malware file name} reboot command.
Atlassian has already patched the vulnerability in its Confluence software and users can update to version 6.15.1 to ensure they are protected from the attack.
Click to expand...

Trend Micro: AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining

Log in or Sign up

AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

guest Guest

Log in or Sign up

AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

guest Guest

Useful Searches