
A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices.

According to multiple security blogs, the bot compromises websites running outdated versions of phpMyAdmin. By exploiting a vulnerability patched in April, the bot installs a file called dd_ssh, which trawls the net for devices protected by the SSH protocol.

“This bot then conducts brute force SSH attacks on random IP addresses specified by the bot herder,” a user blogged here. Indeed, DShield, an exploit-monitoring service maintained by the SANS Institute, shows a six-fold increase in the number of sources participating in SSH scanning from July 24 to August 10, and close to a three-fold jump in the number of targets.

Read more here.
