A recent attack on poorly managed Linux servers has been identified, involving the installation of SVF Botnet, a DDoS Bot malware developed in Python. The malware uses Discord as its C&C server and employs multiple proxy servers for DDoS attacks. The threat actor gains access through weak SSH credentials and installs the bot using specific commands. SVF Bot supports various DDoS attack methods, primarily L7 HTTP Flood and L4 UDP Flood. It uniquely utilizes public proxy addresses for HTTP flood attacks, enhancing its effectiveness. The malware can receive commands from the threat actor, turning infected Linux servers into DDoS Bots. To protect against such attacks, administrators are advised to use strong passwords, regularly update systems, and implement security measures like firewalls. Author: AlienVault
Related Tags:
proxy servers
SVF Bot
SVF Botnet
T1102.002
T1059.006
SSH
T1133
DDoS
discord
Associated Indicators:
null