
AESDDoS Botnet

Posted: April 29, 2019

The AESDDoS Botnet is a network of Trojan-infected Linux systems that its operator can direct to mine cryptocurrency, launch DDoS attacks, or run arbitrary commands. Its most recent infection campaign abuses a vulnerability in Atlassian's Confluence Server workplace productivity software. Confluence administrators should update to a fixed release, and anyone whose systems were exposed should rely on Linux-compatible anti-malware tools to remove the AESDDoS Botnet's Trojan.

A Confluence of Trojans and Software Weaknesses

A vulnerability in Atlassian's Confluence Server that the vendor disclosed in March, and that was under active exploitation by April, is in use in two separate criminal campaigns: one uses the opening to take files hostage, the other to hijack the exposed hardware for attacks directed at outside targets. Between the file-locking GandCrab Ransomware and the AESDDoS Botnet, Confluence users have considerably more to worry about than they did in March.

Both threats exploit CVE-2019-3396, a server-side template injection flaw in Confluence's Widget Connector macro that gives a remote, unauthenticated attacker code execution on the server, although both Trojans have used other infection techniques in the past. Unlike GandCrab Ransomware, the AESDDoS Botnet carries a payload whose primary purpose is hijacking the host's hardware to attack targets elsewhere. Features that malware analysts have corroborated include an extensive set of Distributed-Denial-of-Service methods (UDP, SYN and TCP floods among them) and a cryptocurrency miner that pays out to the threat actor's wallet.
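A practical first check for an exposed Confluence host is whether anyone has been hitting the endpoint that public CVE-2019-3396 exploits use. The following script is an added example written for this page, not code from the article or from any of the malware it describes. It assumes the endpoint path `/rest/tinymce/1/macro/preview` (taken from Atlassian's advisory and public proofs of concept, not stated in the article), that legitimate macro previews are issued by the browser editor and so carry a same-site Referer, and it reads constructed Combined Log Format lines rather than a real Tomcat access log.

```python
"""Triage a Confluence access log for probes of the Widget Connector
macro-preview endpoint abused by CVE-2019-3396 exploits.

Added example, not code from the original article. Assumptions:
 - the endpoint path /rest/tinymce/1/macro/preview comes from Atlassian's
   advisory and public proofs of concept, not from the article;
 - legitimate previews originate from the page editor and carry a
   same-site Referer, while exploit tooling usually sends none;
 - the log lines below are constructed for this example.
"""
import re
from collections import Counter

PREVIEW_ENDPOINT = "/rest/tinymce/1/macro/preview"

# Combined Log Format: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample: one normal page view, two scripted probes from one
# external address, one genuine editor preview, one failed probe via curl.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Apr/2019:09:12:01 +0000] "GET /display/ENG/Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Apr/2019:09:13:44 +0000] "POST /rest/tinymce/1/macro/preview HTTP/1.1" 200 310 "-" "python-requests/2.21.0"
198.51.100.23 - - [24/Apr/2019:09:13:45 +0000] "POST /rest/tinymce/1/macro/preview HTTP/1.1" 200 298 "-" "python-requests/2.21.0"
10.0.0.7 - - [24/Apr/2019:09:20:10 +0000] "POST /rest/tinymce/1/macro/preview HTTP/1.1" 200 1204 "https://wiki.example.internal/pages/editpage.action" "Mozilla/5.0"
203.0.113.9 - - [24/Apr/2019:09:31:02 +0000] "POST /rest/tinymce/1/macro/preview HTTP/1.1" 500 0 "-" "curl/7.64.0"
"""


def parse_log(text):
    """Yield one dict per well-formed line; silently skip lines that do not parse."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def suspicious_preview_requests(text, trusted_referer_hosts=()):
    """Return entries that POST to the macro-preview endpoint without a Referer
    from one of the wiki's own hostnames. With no trusted hosts given, every
    POST to the endpoint is returned for manual review."""
    hits = []
    for e in parse_log(text):
        if e["method"] != "POST" or not e["path"].startswith(PREVIEW_ENDPOINT):
            continue
        referer = e.get("referer") or "-"
        if any(referer.startswith(f"https://{h}/") for h in trusted_referer_hosts):
            continue
        hits.append(e)
    return hits


def top_sources(hits):
    """Rank source addresses by number of suspicious requests."""
    return Counter(h["ip"] for h in hits).most_common()


if __name__ == "__main__":
    found = suspicious_preview_requests(SAMPLE_LOG, trusted_referer_hosts=("wiki.example.internal",))
    for h in found:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} ua={h["ua"]}')
    print(top_sources(found))
```

A hit on this endpoint is not proof of compromise on its own, since the preview call is a normal part of editing a page; the Referer and User-Agent filters are what separate scripted probes from editor traffic, and a 200 response to a probe from an external address is the line to escalate.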

The AESDDoS Botnet also collects system information, such as processor statistics and other hardware details, and uploads it to the threat actor, who can use it to pick further exploits or decide on a next step. Because the bot accepts arbitrary shell commands from its controller, and some variants modify additional files on the host, it is capable of attacks beyond flooding and mining.

Patching Yourself Out of Trojan Tribulations

Atlassian has released fixed versions of Confluence Server and Data Center that close the vulnerability to remote attackers: 6.6.12, 6.12.3, 6.13.3, 6.14.2 and 6.15.1. Anyone running an earlier release, including a release in a branch with no fix of its own (6.7 through 6.11, for example), should update immediately. At the same time, malware experts expect future campaigns deploying the AESDDoS Botnet's bots to use other methods, which can include spam e-mails, zero-day vulnerabilities or brute-force attacks on credentials.
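Because the fix was shipped separately to each supported branch, a plain "is my version above 6.15.1" comparison gives the wrong answer for installs such as 6.14.1, which sorts above 6.13.3 yet is still vulnerable. The script below is an added example, not code from the article or from Atlassian; it encodes the fixed versions from Atlassian's advisory for CVE-2019-3396 and compares a version string within its own branch. The version strings it is exercised with are constructed inputs.

```python
"""Decide whether a Confluence Server/Data Center version still carries
CVE-2019-3396 (Widget Connector), branch by branch.

Added example, not from the original article. FIXED lists the versions
Atlassian's advisory names as fixed; the article itself mentions only
6.15.1. Any branch below 6.15 that has no entry here (6.7 to 6.11, and
everything before 6.6) received no fix and must be upgraded to a newer branch.
"""
from typing import Tuple

FIXED = ("6.6.12", "6.12.3", "6.13.3", "6.14.2", "6.15.1")


def parse_version(s: str) -> Tuple[int, ...]:
    """'6.14.2' -> (6, 14, 2); tolerates a suffix such as '6.14.2-rc1'."""
    core = s.strip().split("-")[0]
    return tuple(int(p) for p in core.split("."))


def is_vulnerable(version: str) -> bool:
    """True if the given release predates the fix for its own branch."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED]
    newest_fix = max(fixes)
    if v >= newest_fix:
        return False  # 6.15.1 and anything newer
    # Same major.minor branch as one of the fixes: compare within the branch,
    # so 6.14.1 is vulnerable even though it sorts above 6.13.3.
    for f in fixes:
        if v[:2] == f[:2]:
            return v < f
    # Any other branch below 6.15.1 never received a fix.
    return True


def report(versions):
    """Map each version string to 'vulnerable' or 'fixed' for a quick inventory pass."""
    return {ver: ("vulnerable" if is_vulnerable(ver) else "fixed") for ver in versions}


if __name__ == "__main__":
    # Constructed inventory of version strings, not real hosts.
    for ver, state in report(["6.6.11", "6.6.12", "6.9.0", "6.14.1", "6.14.2", "6.15.0", "7.0.1"]).items():
        print(f"{ver:8} {state}")
```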

The AESDDoS Botnet is receiving updates that extend its features, some of which widen the damage it can do to a compromised system. The latest changes include modifying files that normally only system administrators can write, and a new persistence method that hooks the Trojan's execution into the system's reboot sequence so that it survives a restart.
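Persistence that rides the boot sequence leaves a trace in the boot scripts themselves, which an administrator can audit without any malware signature. The script below is an added example for this page, not code from the article or derived from any AESDDoS sample. It assumes the persistence lands in an rc.local-style shell script (the article names no file), treats executables launched from temporary, shared-memory or home directories, or from hidden paths, as suspicious, and runs against constructed file contents instead of the live `/etc/rc.local` so it works anywhere.

```python
"""Audit rc.local-style boot scripts for commands that launch executables
from locations a package manager would never use.

Added example, not code from the article or from any AESDDoS sample.
Assumptions: persistence is written into a shell script run at boot
(the article does not name the file); a command that runs a binary out of
/tmp, /var/tmp, /dev/shm, a home directory or a dot-directory does not
belong in a boot script. SAMPLE_RC_LOCAL is constructed for this example.
"""
import re
import shlex

SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")
WRAPPERS = {"nohup", "exec", "env", "sudo", "setsid"}

# Constructed stand-in for /etc/rc.local on a compromised host: a legitimate
# ntpd line plus two planted entries.
SAMPLE_RC_LOCAL = """\
#!/bin/sh -e
# rc.local
/usr/sbin/ntpd -g
nohup /tmp/.x/linux64 >/dev/null 2>&1 &
chmod +x /root/.cache/kworkerds && /root/.cache/kworkerds
exit 0
"""


def commands_in(script):
    """Yield (lineno, argv) for every simple command, splitting chained
    commands on ';', '&&' and '||' and dropping a trailing '&'."""
    for n, line in enumerate(script.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments and the shebang
        line = re.sub(r"\s*&\s*$", "", line)      # background marker at end of line
        if not line:
            continue
        for segment in re.split(r"\s*(?:&&|\|\||;)\s*", line):
            if not segment:
                continue
            try:
                argv = shlex.split(segment)
            except ValueError:                    # unbalanced quotes: fall back
                argv = segment.split()
            if argv:
                yield n, argv


def target_executable(argv):
    """Skip wrapper commands and VAR=value assignments to reach the real program."""
    i = 0
    while i < len(argv) and (argv[i] in WRAPPERS or re.match(r"^\w+=", argv[i])):
        i += 1
    return argv[i] if i < len(argv) else None


def suspicious_entries(script):
    """Return (lineno, executable) for commands run from a suspect or hidden path."""
    findings = []
    for n, argv in commands_in(script):
        exe = target_executable(argv)
        if not exe or not exe.startswith("/"):
            continue  # builtins such as 'exit' and bare names are out of scope here
        hidden = any(p.startswith(".") and p not in (".", "..") for p in exe.split("/"))
        if exe.startswith(SUSPECT_DIRS) or hidden:
            findings.append((n, exe))
    return findings


def audit_file(path):
    """Run the same check against a real boot script on disk."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())


if __name__ == "__main__":
    for lineno, exe in suspicious_entries(SAMPLE_RC_LOCAL):
        print(f"line {lineno}: {exe}")
```

On a real host, run `audit_file` over `/etc/rc.local` and `/etc/rc.d/rc.local` where they exist, and compare the results with the host's known-good configuration; the same executable paths are worth checking in cron entries and systemd units, since the article notes that the bot's persistence is still being changed between variants.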

An AESDDoS Botnet infection produces few visible symptoms on its own. The main indicators of compromise are its network traffic, meaning connections to its command-and-control server, flood traffic while an attack is under way and mining-pool connections, along with unexplained processor load while the miner runs. Users should protect themselves with anti-malware programs that support Linux environments and will delete the AESDDoS Botnet's bot on sight.

Most infections start with a user's own risky behavior, but no one can guard against an exploit for a flaw they do not know about. At the very least, potential victims can keep their guard up against an AESDDoS Botnet attack by updating their software whenever an update is available.
