Mayhem Botnet Description
The Mayhem Botnet is a multi-component Trojan hosted on compromised Linux and Unix-based Web servers. Its flexible use of encrypted, hidden plugins allows third parties to use compromised servers to spread the infection to further websites, with its current infection numbers estimated at well over one thousand. The Mayhem Botnet also can execute additional commands sent by its Command & Control server, such as downloading new files, changing its plugins or transferring data. Website administrators are advised to use automated security tools to delete all components of a Mayhem Botnet, and take all additional steps to prevent any compromised data from being abused in the future.
The Lingering Mayhem of a Bash Vulnerability
The Mayhem Botnet saw analysis and press attention as long ago as July of the past year. Despite that, like many botnets, the Mayhem Botnet continues to see updates and procedural modifications that make the Mayhem Botnet a new and relevant threat for 2015. Rather than being designed for personal computers, the Mayhem Botnet attacks *nix-based website servers, and even is capable of distributing itself and other threats to new servers. Although the Mayhem Botnet includes many of the functions that one would expect of a botnet, the Mayhem Botnet also can run under accounts with restricted privileges (rather than requiring root-level access from an account).
The Web servers compromised by a Mayhem Botnet may be hijacked via brute forcing their account passwords, by phishing them from administrators or by other, third-party methods (such as a zero-day software vulnerability). Hidden and encrypted files are the Mayhem Botnet's optional plugins, providing variable functions while its main component is an ELF library file.
Some of the Mayhem Botnet's latest attacks have been noted to reuse the same IP addresses also associated with notable Shellshock attacks. In turn, malware researchers note that this common ground could be indicative of the Mayhem Botnet also including functions to abuse Shellshock. Shellshock, a vulnerability noted for its astounding lifespan prior to being patched, as well as its nigh-universal compatibility and simplicity of abusing, allows third parties to launch threatening code in Bash. However, Windows machines are unaffected. Some of the illicit activities known associated with Shellshock include spyware attacks (using threats to collect information, such as account passwords) and DDoS campaigns (crashing websites via fake traffic).
Calming the Tremors of a Shellshocked Botnet
The Mayhem Botnet is a foremost security issue for website administrators maintaining their sites via Unix and Linux-based servers. Although most, relevant programs have been patched to block the Shellshock vulnerabilities, other capabilities of a Mayhem Botnet campaign still are open for exploitation by third parties. Awareness of all common infection vectors and having durable website security should be sufficient for blocking the attacks that could install the Mayhem Botnet onto your server. When preventative defenses are insufficient, proper anti-malware products or a PC security professional should be consulted for removing the Mayhem Botnet, which uses files and other components not immediately visible.
For such site administrators, time also is a notable factor in dealing with the Mayhem Botnet. Since the Mayhem Botnet includes commands for uploading, downloading and otherwise giving remote attackers unhindered access to a Web server, the less time you take before action, the less chance there is of any damage being incurred.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Mayhem Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.