Botnet Shellbot Evades Detection with Hexadecimal IP Addresses

The Shellbot botnet attackers are utilizing IP addresses converted into a hexadecimal number system to exploit Linux SSH servers that have poor security controls. This allows them to distribute malware and conduct DDoS attacks, as per a new report published today by Ahnlab Security (asec).

The report highlights that the modus operandi of the attackers remains consistent. However, their recent exploitation technique involves using IP addresses in the form of hexadecimal numbers to gain unauthorized access to vulnerable Linux SSH servers. This allows the attackers to expand the Shellbot botnet and facilitate DDoS attacks.

In their report, Ahnlab Security explains that the original purpose of URLs was to indicate the location of various files on the internet. However, over time, URLs have come to be used to designate the addresses of all types of resources.

For more information, you can refer to the full report published by Ahnlab Security.

/Reports, release notes, official announcements.