FritzFrog Botnet Exploits Log4Shell – BankInfoSecurity



Botnet Looks for Vulnerable Internal Network Machines

Log4Shell strikes again. (Image: Shutterstock)

Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector, supplementing its usual remote-login brute-force technique.


Akamai Security Intelligence Group observed the shift in the FritzFrog botnet, first documented in 2020.

Log4Shell, tracked as CVE-2021-44228, burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4j 2 Java library. A panel of U.S. public and private sector security experts in mid-2022 warned that patching every vulnerable Log4j instance would likely take a decade “or longer” (see: Log4j Flaw Is ‘Endemic,’ Says Cyber Safety Review Board).

To spread their malware, FritzFrog operators exploit the fact that system administrators give lower priority to patching internal network machines. Internet-facing applications are an obvious priority for patching. But unpatched internal machines can still be a risk, the researchers said. FritzFrog looks for subnets and targets possible addresses within them.

“This means that even if the ‘high-profile’ internet-facing applications have been patched, a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation,” they said.
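An inventory of internal hosts is the defensive counterpart to the subnet scanning described above. The following added example, which is not code from Akamai or from this article, walks a filesystem for log4j-core jars and classifies each against the CVE-2021-44228 affected range, treating a jar whose JndiLookup.class has been removed as mitigated; the version boundaries, the manifest and file-name version sources, and the constructed sample jars are assumptions about standard Log4j packaging.

```python
import re
import zipfile
from pathlib import Path

# Class whose removal is the documented mitigation when upgrading is not possible.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(text):
    """Return (major, minor, patch) from '2.14.1', '2.0-beta9', etc.
    Pre-release tags are ignored, so every 2.0 beta is treated as 2.0.0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(x or 0) for x in m.groups()) if m else None

def version_vulnerable(v):
    """True if this log4j-core version is in the CVE-2021-44228 affected range
    (2.0-beta9 .. 2.14.1); 2.15.0 fixed it, with 2.12.2 (Java 7) and 2.3.1
    (Java 6) as backported fixes. Assumed boundaries, from public advisories."""
    if v is None or v[0] != 2:
        return False
    if (2, 3, 1) <= v < (2, 4, 0) or (2, 12, 2) <= v < (2, 13, 0):
        return False
    return v < (2, 15, 0)

def jar_version(jar):
    """Version from MANIFEST.MF Implementation-Version, else from the file name."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        manifest = ""
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return parse_version(m.group(1) if m else Path(jar.filename).name)

def assess_jar(path):
    """Return (version, status); status is 'vulnerable', 'mitigated' or 'not-affected'."""
    with zipfile.ZipFile(path) as jar:
        v = jar_version(jar)
        has_lookup = JNDI_LOOKUP in jar.namelist()
    if not version_vulnerable(v):
        return v, "not-affected"
    return v, "vulnerable" if has_lookup else "mitigated"

def scan_tree(root):
    """Walk a directory tree and assess every log4j-core jar found under it."""
    return {str(p): assess_jar(p) for p in Path(root).rglob("log4j-core-*.jar")}

def make_sample_jar(path, version, include_lookup):
    """Write a constructed, minimal jar for demonstration only (no real Log4j code)."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if include_lookup:
            jar.writestr(JNDI_LOOKUP, b"")
```

Run `scan_tree("/")` or a narrower root on each internal host and feed the 'vulnerable' entries into the patch queue; file-name versions can lie, so treat the manifest as authoritative when present.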

To trigger the Log4Shell vulnerability, FritzFrog forces an application to log data containing a…

Source…