Researchers at Palo Alto Networks have spotted brute-force botnet malware that is targeting web servers running phpMyAdmin, MySQL, FTP and Postgres services. The Golang-based botnet attempts to brute force accounts with weak or default passwords. Once it has successfully gained entry, it deploys an IRC bot and reaches out to its command and control server for instructions. The botnet uses a multiscan module to find potential victims within a CIDR block and will target all IP addresses within that range. The researchers believe that the malware is currently in active development and expect things like initial infection vectors or payloads to change in the near future.
This segment was created for the It’s 5:05 podcast