On Dec 9, 2021, the world was alerted to the Log4j vulnerability [CVE-2021-44228 aka Log4Shell].
Most likely bad actors already knew about this prior to Dec 9th as it’s been reported that the vulnerability was exposed much earlier in Minecraft chat forums.
The vulnerability exposes how the ubiquitous Log4j Java logging utility can be taken advantage of by injecting Java Naming and Directory Interface (JNDI) code in the User-Agent HTTP Header to execute a malicious script.
The JNDI injection can leverage different protocols such as Lightweight Directory Access Protocol (LDAP), Secure LDAP (LDAPS), Remote Method Invocation (RMI), or Domain Name Service (DNS) to request a malicious payload.
Here’s a simple unobfuscated example: