For nearly a month, a new botnet has been slowly growing in the shadows, feasting on unsecured Apache Hadoop servers, and planting bots on vulnerable servers to be used for future DDoS attacks.
First spotted in honeypot data by a NewSky Security researcher while it was still in its infancy, the botnet has matured and expanded in the meantime.
The botnet initially consisted of a few command and control servers, but in a threat alert sent out today, cyber-security firm Radware says it has now grown to over 70 servers.
The role of these servers is to scan the internet for Hadoop installations that use a misconfigured YARN module.
YARN, which stands for Yet Another Resource Negotiator, is a core component of the Apache Hadoop data processing framework, often used in large enterprise networks or cloud computing environments.