
New ‘SSHStalker’ Linux Botnet Uses Old Techniques

A new Linux botnet has taken advantage of 2009-era exploits.

SSHStalker is a newly identified Linux botnet that uses decade‑old exploits, IRC‑based command‑and‑control, and mass SSH compromise to infect roughly 7,000 systems. The botnet employs numerous 2009‑era kernel exploits, multiple IRC bots, and frequent cron‑based persistence checks to maintain access. Its infection chain involves deploying C‑based and Perl‑based bots, Tsunami and Keiten malware, and redundancy across multiple servers and channels. Researchers note similarities to Romanian‑linked botnets but no direct attribution, suggesting a derivative or copycat operator.

Read more:

https://www.securityweek.com/new-sshstalker-linux-botnet-uses-old-techniques/
