Botnet Targets Linux Platforms

Wednesday, September 7, 2016 @ 02:09 PM gHale


A Trojan coded in Lua is targeting Linux platforms with the goal of adding them to a global botnet, researchers said.

The goal in creating this global botnet is to pull off distributed denial of service (DDoS) attacks, said the MalwareMustDie! researcher.

RELATED STORIES
Botnet Branches Out into Ransomware
Botnet Returns to Growth Mode
Android Botnet Uses Twitter for C&C
Linux Botnets Lead in DDoS Attacks

LuaBot’s primary purpose is to compromise Linux systems, IoT devices or web servers, and add them as bots inside a bigger botnet.

LuaBot uses an ELF binary that targets ARM platforms, usually found in embedded IoT devices.

MalwareMustDie didn’t find any malicious functionality outside the capabilities of adding devices to a centrally controlled botnet.

LuaBot is in its early stages of development, with the first detection being reported only a week ago and a zero detection rate on VirusTotal for current samples, the researcher said. There are limited details about its distribution and infection mechanism.

MalwareMustDie reverse-engineered some of the Trojan’s code and discovered the bot communicates with a C&C server hosted in the Netherlands on the infrastructure of dedicated server hosting service WorldStream.NL.

The researcher also found LuaBot’s developer left a message behind for all the infosec professionals trying to deconstruct his code. The message reads, “Hi. Happy reversing, you can mail me: [REDACTED .ru email address].”