Bitxor20 Botnet

Bitxor20 Botnet Description

A new botnet exploiting the Log4J vulnerability has been identified by cybersecurity researchers. The threat is tracked as the Bitxor20 botnet and its main targets are Linux systems. Once added to the botnet, a compromised device can be commanded to perform a long list of malicious functions. According to a report by Qihoo 360's Network Security Research Lab (360 Netlab), Bitxor20 collects sensitive information, deploys rootkits, opens reverse shells and establishes Web proxies.

To remain unseen, the threat uses the tried and true method of DNS tunneling. First, all captured information, command results, or other data to be sent is encrypted and encoded. Then, it is delivered to the Command-and-Control (C2, C&C) server of the operation as a DNS request. In response, the C2 server returns a chosen payload to the bot device. It should be noted that certain threatening features discovered as part of Bitxor20 have been enabled by the malware's creators. This could signal that the threat is still under active development and could become even more potent in the future.
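Because the C2 channel described above is carried in DNS queries, a resolver log is where a defender would look for it. The following is an added detection example, not code from the 360 Netlab report or from the malware: it scores each query on the traits DNS tunnels tend to share (long names, oversized labels, high-entropy subdomains, bulky record types) over a constructed sample log; the log lines, the scoring thresholds and the assumption that the registrable domain is the last two labels are all assumptions of this example.

```python
import math
import re
from collections import Counter

# Constructed sample resolver log (not from the 360 Netlab report): timestamp,
# client IP, query type, name. The two TXT rows mimic encoded data in long labels.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 AAAA mail.example.com
2024-01-01T10:00:03 10.0.0.7 TXT 4q1u2m3x7hn8o6xqqhz3kuw7v5d5pmw8v6j9nc3zs5qf.a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8.tunnel-c2.example
2024-01-01T10:00:04 10.0.0.7 TXT mfrgg43fmzqw2zjanjuw4icdmvzxgzlsl5qxgylm.zgf0yqo6ym9vcgq9c3rhdhvzdfzjyw1w.tunnel-c2.example
2024-01-01T10:00:05 10.0.0.9 A cdn.example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def shannon_entropy(text):
    """Bits per character: encoded/encrypted payloads score high, words score low."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def tunnel_score(qname, qtype):
    """Heuristic tunneling score for one query; higher means more suspicious.
    Assumption: the registrable domain is the last two labels (a simplification)."""
    labels = qname.rstrip(".").split(".")
    subdomain = "".join(labels[:-2])
    score = 0
    if len(qname) > 60:                                  # data packed into a long name
        score += 1
    if max(len(label) for label in labels) > 30:         # labels near the 63-byte limit
        score += 1
    if subdomain and shannon_entropy(subdomain) > 3.5:   # encoded, not dictionary words
        score += 1
    if qtype in ("TXT", "NULL", "CNAME", "MX"):          # record types with bulky answers
        score += 1
    return score

def find_suspicious(log_text, threshold=3):
    """Return (client, qname, score) for every log line scoring at or above threshold."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue                                     # skip malformed lines, don't crash
        _ts, client, qtype, qname = match.groups()
        score = tunnel_score(qname, qtype)
        if score >= threshold:
            hits.append((client, qname, score))
    return hits
```

In practice the per-query score is combined with volume (many distinct subdomains of one parent from one client), since a single odd-looking query is common and a sustained stream of them is not.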