AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining | Cell Phone Spy and Mobile Tracking Software
By Augusto II Remillano

Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals. We discovered that this malware variant can perform DDoS attacks, remote code execution, and cryptocurrency mining on systems that run vulnerable versions of Confluence Server and Data Center. Atlassian already took steps to fix these issues and recommended that users upgrade to the latest version (6.15.1).

| Version Family | Affected Versions | Fixed Versions |
|---|---|---|
| 6.6.x | 6.6.0 – 6.6.11 | 6.6.12 and later |
| 6.12.x | 6.7.0 – 6.12.2 | 6.12.3 and later |
| 6.13.x | 6.13.0 – 6.13.2 | 6.13.3 and later |
| 6.14.x | 6.14.0 – 6.14.1 | 6.14.2 and later |

Table 1. Affected and fixed versions of Atlassian Confluence Server and Data Center

Examining the AESDDoS Botnet Malware Variant

In our