New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

guest · Oct 11, 2018

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot
October 11, 2018
https://threatpost.com/new-drupalgeddon-attacks-enlist-shellbot-to-open-backdoors/138230/

Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called PerlBot or Shellbot.

According to researchers, the attackers scan websites looking specifically for the Drupalgeddon 2.0 vulnerability [...] Once the attacker has cracked the authentication vector, they install the Shellbot backdoor.

Shellbot is a malicious backdoor script which has been around since 2005. It’s designed to exploit MySQL database driven websites, including those with a content management system (CMS) such as Drupal.

Once the attacker’s command-and-control server has shell access to a target Drupal webiste they can look for SQL injection vulnerabilities, executing DDoS attacks, distributing phishing email spam, and terminating any existing cryptominers in order to install their own cryptomining malware.
Click to expand...

Log in or Sign up

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

guest Guest

Log in or Sign up

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

guest Guest

Useful Searches