Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 16 (Xinhua) Microsoft researchers have discovered a hybrid botnet for both Windows and Linux platforms, which uses an efficient technology to attack my World servers and can launch distributed denial of service (DDoS) attacks on multiple platforms.

CTOnews.com learned that Microsoft marked the botnet as "MCCrash" and that Windows and Linux devices would be hijacked by hackers for DDoS attacks after infection.

It is worth noting that one of the commands accepted by botnet software is "ATTACK_MCCRASH". This command populates the user name in the Minecraft server login page with ${env:random payload of specific size:-a}. This string consumes the server's resources and crashes it.

Microsoft researchers said: "this command uses the env variable to use the Log4j 2 library, resulting in abnormal consumption of system resources (independent of Log4Shell vulnerabilities), which is a specific and efficient DDoS method." at present, a large number of my World servers are affected.

Currently, MCCrash's hard-coded display is only for version 1.12.2 of my World server software. However, this attack technique can also initiate DDoS updates to servers running versions 1.7.2 to 1.18.2, which means that more than half of the world's MyWorld servers will be affected.

The initial infection point for MCCrash is a Windows computer with software that claims to provide pirated licenses for the Microsoft operating system. The code hidden in the download software secretly infects the device with malware and eventually installs malicious.py, a python script that provides the main logic for botnets. The infected Windows device then scans the Internet for Debian, Ubuntu, CentOS, and IoT devices that accept SSH connections.

When found, MCCrash uses the usual default login credentials to try to run the same malicious.py script on the Linux device. Both Windows and Linux devices hijack servers used to attack my World.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.