Researchers have discovered a new strain of malware named ‘B1txor20’ which targets Linux devices using the Log4j vulnerability.
The backdoor grants the attacker control over the device, read/write access to the file system, and the ability to proxy traffic through the machine. It also installs a rootkit that hides its activity from the device owner.
Any DNS monitoring solution should be able to detect the suspicious subdomains typical of DNS tunnelling.
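As an added example (not code from the original report), a minimal detector run over constructed resolver log lines that flags the pattern described above: many distinct long, high-entropy leftmost labels under a single registered domain. The domain names, the thresholds and the two-label registered-domain rule are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of DNS query names, one per resolver log line (hypothetical domains).
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn.example.com",
    "3a7f9c0e4b2d1a6f8e5c9b0d7a3f1e2c.t.tunnel-example.net",
    "9b1c4d7e2a5f8b0c3d6e9f2a5b8c1d4e.t.tunnel-example.net",
    "0e3f6a9b2c5d8e1f4a7b0c3d6e9f2a5b.t.tunnel-example.net",
    "c5d8e1f4a7b0c3d6e9f2a5b8c1d4e7f0.t.tunnel-example.net",
    "updates.example.org",
]

LABEL_LEN_THRESHOLD = 30       # legitimate hostnames are rarely this long
ENTROPY_THRESHOLD = 3.5        # bits/char; encoded payload chunks score high
MIN_SUSPICIOUS_PER_DOMAIN = 3  # distinct encoded labels before alerting on a domain


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for empty or single-symbol strings."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0


def registered_domain(fqdn: str) -> str:
    """Last two labels; a production detector would use a public-suffix list."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])


def is_suspicious_label(label: str) -> bool:
    """A leftmost label that is both long and high-entropy looks like an encoded chunk."""
    return len(label) >= LABEL_LEN_THRESHOLD and shannon_entropy(label) >= ENTROPY_THRESHOLD


def detect_tunnelling(queries):
    """Map each registered domain that receives enough distinct encoded
    subdomains to the number of such labels seen (tunnels vary the label per query)."""
    seen = defaultdict(set)
    for q in queries:
        first_label = q.rstrip(".").lower().split(".")[0]
        if is_suspicious_label(first_label):
            seen[registered_domain(q)].add(first_label)
    return {d: len(s) for d, s in seen.items() if len(s) >= MIN_SUSPICIOUS_PER_DOMAIN}


if __name__ == "__main__":
    for domain, count in detect_tunnelling(SAMPLE_QUERIES).items():
        print(f"possible DNS tunnelling: {domain} ({count} encoded subdomains)")
```

Tune the thresholds against a baseline of your own resolver logs; CDN and anti-spam lookups can produce long labels, so the per-domain count is what keeps false positives down.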
Containment, Mitigations & Remediations
Keep systems patched and updated to remove known vulnerabilities.
Indicators of Compromise
Other botnets (Elknot, Gafgyt, Mirai) have also been targeting devices vulnerable to Log4j. Vulnerable versions of the log4j library still account for a significant percentage of downloads and continue to be pulled in as a dependency by upstream software. Despite wide publication and subsequent remediation of the issue, the statistics indicate that systems are still going unpatched or cannot be updated.