Malware Hitting Linux Machines

Wednesday, May 21, 2014 @ 07:05 PM gHale


Linux is malware proof, right? Wrong.

This month showed a record-high number of Trojans for Linux, said researchers at AV manufacturer Dr. Web. And we still have some time to go in May.

Different variants of three distinct Trojans all seem to come from the same person, the researchers said.

The mission for most of these Trojans is to carry out distributed denial of service attacks (DDoS) via a number of protocols and requests — they are capable of launching SYN, UDP, TCP and ping flooding, as well as of mounting DNS and NTP amplification attacks.

Some variants target Linux ARM distributions, others infect servers and desktops running 32-bit versions of Ubuntu and CentOS, and still others target 64-bit versions of Linux.

Once on a target machine, the Trojans make sure they will start automatically each time the machine reboots, then they collect information about the system’s hardware and software (CPU model, available memory, OS version, etc.).

The information then goes via an encrypted message to the remote C&C server, from which the malware receives updates and commands on what to do next, i.e. which target to attack.

“The command servers facilitating control over the Trojans are located mainly in the territory of China, and the corresponding DDoS attacks are directed mainly against Chinese websites,” the researchers said. Infected Linux machines, on the other hand, are just in China.


