September 03, 2014 Akamai Warns of IptabLes and IptabLex Infection on Linux, DDoS attacks
Akamai Contacts Rob Morton
Media Relations
617-444-3641
rmorton@akamai.com
or Tom Barth
Akamai Investor Relations
617-274-7130
tbarth@akamai.com
Linux systems infiltrated and controlled in a DDoS botnet
Entertainment industry targeted by DDoS attacks
Large and growing botnet believed to be expanding from Asia to more regions
CAMBRIDGE, Mass - September 3, 2014 - Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimising and securing online content and business applications, today released, through the companys Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch distributed denial of service (DDoS) attacks against the entertainment industry and other verticals. The advisory is available for download from Prolexic (now part of Akamai) at www.prolexic.com/iptablex.
We have traced one of the most significant DDoS attack campaigns of 2014 to infection by IptabLes and IptabLex malware on Linux systems, said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Malicious actors have taken advantage of known vulnerabilities in unpatched Linux software to launch DDoS attacks. Linux admins need to know about this threat to take action to protect their servers.
DDoS botnet threat to Linux systems
The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.
A post-infection indication is a payload named .IptabLes or. IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot. The malware also contains a self-updating feature that causes the infected system to contact a remote host to download a file. In the lab environment, an infected system attempted to contact two IP addresses located in Asia.
Asia apparently a significant source of DDoS attacks
Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions. In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.
Prevention, detection and DDoS mitigation
Detecting and preventing an IptabLes or IptabLex infestation on Linux systems involves patching and hardening Linux servers and antivirus detection. In the threat advisory, PLXsert provides bash commands to clean an infected system.
DDoS mitigation for the target of a DDoS attacker who controls these infected bots may include rate-limiting DDoS mitigation techniques. In addition, PLXsert shares a YARA rule in the threat advisory to identify the ELF IptabLes payload used in an observed attack campaign.
The IptabLes and IptabLex botnet has produced significant DDoS attack campaigns for which target companies have sought expert DDoS protection. Akamai offers DDoS mitigation solutions to stop DDoS attacks launched from IptabLes and IptabLex bots.
PLXsert anticipates further infestation and the expansion of this DDoS botnet.
Get the IptabLes and IptabLex DDoS Bot Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details about Iptables and IptabLes infections, including:
Indicators of infection
Analysis of the binary (ELF) associated with IptabLes and IptabLex infections
Payload initialization, entrenchment and persistence
Network code analysis
Case study of a DDoS attack campaign
How to hardening Linux servers against this threat
Antivirus detection rates
Bash commands to clean an infected system
YARA rule to identify an ELF IptabLes payload
DDoS mitigation techniques
A complimentary copy of the threat advisory is available for download at www.prolexic.com/iptablex.
About Akamai
Akamai is the leading provider of cloud services for delivering, optimising and securing online content and business applications. At the core of the Companys solutions is the Akamai Intelligent Platform , providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
Top
Most recent headlines
01/01/2026
Latin Grammy Cultural Foundation Announces 2026 Noel Schajris Scholarship The scholarship will cover tuition and housing for one Berklee College of Music stud...
01/01/2026
New year, new games, all with RTX 5080-powered cloud energy. GeForce NOW is kicking off 2026 by looking back at an unforgettable year of wins and wildly high fr...
31/12/2025
Back to All News
NFL Christmas Gameday on Netflix Scores Again With the Lions-V...
30/12/2025
As the College Football Playoff Enters the Quarterfinals, ESPN Blows Out Its Meg...
30/12/2025
SVG's Best of 2025: Original ArticlesTake a look back at all our coverage of big-time productions, game-changing technologies, and state-of-the-art new faci...
30/12/2025
MELBOURNE, Fla., Dec. 30, 2025 - L3Harris Technologies (NYSE: LHX) will release its fourth quarter 2025 financial results before the market opens on Thursday, J...
30/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
30/12/2025
It marked the first civilian operational authorization for a HAPS flight in Europe, led by Space42's subsidiary, Mira Aerospace
The flight demonstrated HAP...
29/12/2025
San Francisco 49ers Strike Gold With Halftime Laser SpectacularStunning display caps $200 million renovation of Levi's Stadium techBy Dan Daley, Audio Edito...
29/12/2025
The Cup's Around the Corner: An Inside Look at Broadcast Preparations for th...
29/12/2025
SVG's Best of 2025: Longform VideoWatch the standout keynote conversations, deep dives, and panel discussions from the year for free on SVG PLAY!By Brandon ...
29/12/2025
From crisper Lossless audio and immersive music videos in beta to new Audiobooks+ plans, custom transitions between tracks, and in-app Messages, we keep levelin...
29/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
27/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
26/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
26/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
25/12/2025
Holiday lights are twinkling, hot cocoa's on the stove and gamers are settling in for a well-earned break.
Whether staying in or heading on a winter getawa...
24/12/2025
What is AI good for? Posted by MTI Film on December 24, 2025
What is AI good for?
What is AI good for?
It's been three years since ChatGPT first cap...
24/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
24/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
24/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
24/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
24/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
24/12/2025
Back to All News
The Boyfriend' Season 2 Unveils Heartwarming Trailer, Key...
24/12/2025
Back to All News
Love, Fights, and Everything in Between: Badly in Love' Returns for Season 2
Entertainment
24 December 2025
GlobalJapan
Link copied t...
24/12/2025
Scripps Research study links sleep variability with sleep apnea and hypertension How consumers' digital activity trackers could enable personalized health s...
23/12/2025
How guilas Cibae as Dominican Winter League Games Are Locally Produced for Glob...
23/12/2025
BitFire's Jim Akimchuk on Supplying Scalability and Customization in the Clo...
23/12/2025
CAMB.AI Enables European Athletics to Offer Multi-Language SupportPlan is to eventually offer translation into all languages spoken in EuropeBy Ken Kerschbaumer...
23/12/2025
Analysis: As sports media values trend negative, scarcity and quality are king By Callum McCarthy, Editor-at-Large
Monday, December 22, 2025 - 14:08
Print ...
23/12/2025
ESPN, Disney, and NBA Return to the Animated Altcast Fray With Second Edition of...
23/12/2025
End the Year on a High Note and Donate to the Sports Broadcasting Fund Today!By Ken Kerschbaumer, Editorial Director
Tuesday, December 23, 2025 - 12:25 pm
P...
23/12/2025
The year is winding down, the weather outside is frightful, and it's the perfect time to escape into a story that warms the heart. For listeners looking for...
23/12/2025
A Zeus motor is hot fire tested at L3Harris' Camden, Arkansas, solid rocket ...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Lightware will exhibit several major product innovations at ISE 2026, including the new USB-C BOOSTER-V1, Google Meet. integration for various Taurus UCX models...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
23/12/2025
Taking the Stage at Carnegie Hall-On a Global Scale Boston Conservatory Orchestra students reflect on their epic concert marking the 80th session of the UN Gene...
23/12/2025
Back to All News
Netflix's The Great Flood and Culinary Class Wars 2 Top Gl...
23/12/2025
Back to All News
Stranger Things By the Numbers: How the Global Phenomenon Shap...
23/12/2025
Experience the power of WO Automation for Radio's newest service, the System Effectiveness Review. Designed to help you achieve more, a System Effectiveness...
23/12/2025
23 Dec 2025
VEON's Beeline Kazakhstan and Rakuten Symphony Collaborate to A...
23/12/2025
Back to All News
How Steamy Can It Get? Single's Inferno' Season 5 Pre...
23/12/2025
Back to All News
33 Million Global Viewers on Netflix Watched Jake Paul vs. Ant...
September 03, 2014 Akamai Warns of IptabLes and IptabLex Infection on Linux, DDoS attacks 
