Statistics Report on Malware Targeting Linux SSH Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes a honeypot to respond to and classify brute-force and dictionary attacks targeting poorly managed Linux SSH servers. This post covers the status of the attack sources identified in the logs from the fourth quarter of 2025 and the statistics of attacks launched by these
Statistics Report of Malware Targeting Linux SSH Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) is using a honeypot to respond to and categorize brute-force and dictionary attacks that target poorly managed Linux SSH servers. This post covers the status of the attack sources identified in logs from the third quarter of 2025 and the statistics of attacks performed by
Statistical Report on Malware Targeting Linux SSH Servers in Q2 2025
Overview AhnLab SEcurity intelligence Center (ASEC) conducts response and classification of brute force or dictionary attacks targeting poorly managed Linux SSH servers using honeypots. This report will cover the status of attack sources identified in the second quarter of 2025 based on logs, as well as statistics on attacks performed
Statistical Report on Malware Targeting Linux SSH Servers in Q1 2025
Overview AhnLab SEcurity intelligence Center (ASEC) conducts response and classification of brute force or dictionary attacks targeting poorly managed Linux SSH servers using honeypots. This report will cover the status of attack sources identified in the first quarter of 2025 based on logs, as well as statistics on attacks performed
Statistical Report on Malware Targeting Linux SSH Servers in Q4 2024
Overview AhnLab SEcurity intelligence Center (ASEC) conducts response and classification of brute force or dictionary attacks targeting poorly managed Linux SSH servers using honeypots. This report will cover the status of attack sources identified in the fourth quarter of 2024 based on logs, as well as statistics on attacks performed
ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
AhnLab Security Emergency response Center (ASEC) has recently discovered a change in the distribution method of the ShellBot malware, which is being installed on poorly managed Linux SSH servers. The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from
Tsunami DDoS Malware Distributed to Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) has recently discovered an attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers. Not only did the threat actor install Tsunami, but they also installed various other malware such as ShellBot, XMRig CoinMiner, and Log Cleaner.
ShellBot Malware Being Distributed to Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) has recently discovered the ShellBot malware being installed on poorly managed Linux SSH servers. ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server. ShellBot is an old malware that
