Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

A recently detected variant of the AESDDoS botnet malware is targeting a recent vulnerability Atlassian’s collaborative software Confluence, Trend Micro’s security researchers have discovered. 

A recently detected variant of the AESDDoS botnet malware is targeting a recent vulnerability Atlassian’s collaborative software Confluence, Trend Micro’s security researchers have discovered. 

The attack attempts to exploit a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Confluence Server to install malware capable of performing distributed denial of service (DDoS) attacks, remote code execution, and crypto-currency mining. 

The attack involves the remote execution of a shell command to download and execute a malicious shell script that in turn would download another shell script to finally install the AESDDoS botnet malware on the compromised system.

The AESDDoS variant used in this attack can launch various types of DDoS attacks, including SYN, LSYN, UDP, UDPS, and TCP flood, Trend Micro’s security researchers say. Additionally, the malware can connect to a specific IP address to send and receive remote shell commands from the attacker.

Once installed on a system, the malware can collect various information and send it to the attackers, including model ID and CPU description, speed, family, model, and type. The gathered data and data received from the command and control (C&C) server is encrypted using the AES algorithm. 

The security researchers also noticed that this AESDDoS variant can modify files as an autostart technique by appending the {malware path}/{malware file name} reboot command.

Atlassian has already patched the vulnerability in its Confluence software and users can update to version 6.15.1 to ensure they are protected from the attack. 

“Since the successful exploitation of CVE-2019-3396 in Atlassian Confluence Server can put resources at risk, enterprises should be able to identify vulnerabilities, make use of the latest threat intelligence against malware or exploits, and detect modifications to the application’s design and the underlying infrastructure that hosts it,” Trend Micro notes. 

Advertisement. Scroll to continue reading.
Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights