November 19, 2021 — Eric Swotinsky
Incident reports

New botnet Abcbot takes aim at Linux

Acronis Cyber Protect Cloud

Abcbot is a new botnet that has been infecting Linux systems since July, with the purpose of launching distributed denial-of-service (DDoS) attacks. As Linux is the system of choice for 96.3% of the top million servers, and 90% of all cloud infrastructure, the number of potential victims is significant.

Abcbot has joined the growing list of malware written in Golang, and is under active development. As many as six variants have already been found. New features like the ability to self-update, set up a webserver, and even worm-like propagation are quickly being added.

The shell scripts used by Abcbot disable security scanning and even reset user passwords to the Elastic cloud service, in an attempt to make it more difficult to identify and track the botnet on your systems.

The multi-layered detection engines in Acronis Cyber Protect detects and blocks Abcbot and other malware designed for Linux, keeping your systems safe and preventing them from being used maliciously.