[Security-Discuss] FritzFrog - In the wild log4J + PrivEsc exploit, spreading by ssh-discovery
Weeks, Thomas "Tweeks"
t.weeks at vt.edu
Mon Feb 5 10:00:00 EST 2024
https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell
[https://www.akamai.com/site/en/images/blog/2024/thumbnails/fritzfrog-botnet-new-capabilities-log4shell-thumbail.png]<https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell>
Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal | Akamai<https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell>
FritzFrog, a botnet originally identified by Akamai in 2020 has added capabilities, including exploiting the illustrious Log4Shell vulnerability.
www.akamai.com
"FritzFrog’s addition of exploitation capabilities to its arsenal shows a similar shift in this direction. The additional infection vector that is abusing the Log4Shell vulnerability, and the pkexec exploit module are two additions explored in this blog post that exemplify this shift. We believe that this trend will continue in upcoming FritzFrog versions, and it's likely only a matter of time before additional exploits are added to the malware."
Discuss on the [security-discuss] mail list..
--
T.Weeks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rbtc.tech/pipermail/security-discuss/attachments/20240205/f3e6d8cb/attachment.html>
More information about the Security-Discuss
mailing list