A newly discovered Trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attacks, according to a blog post from Avast.
The new threat, 'XOR.DDoS', alters its installation depending on the victim's Linux environment and then later runs a rootkit to avoid detection. Although a similar Trojan has been spotted in Windows systems, Peter Kálnai, malware analyst at Avast, said in a Wednesday interview with SCMagazine.com that this Trojan ventures into relatively untapped territory by targeting Linux systems.
“It's very hard to set a rootkit component within a Linux boundary because it needs to agree with the versions of the victims' operating systems,” Kálnai said.
Attackers using 'XOR.DDoS' use brute force tactics against various network IDs to prey on users who haven't changed the default logins for their devices. If successful, the Trojan will then determine whether it's compatible with the kernel headers installed on the victims' systems and, if so, install a rootkit.
“The rootkit hides all the files that are indicators of compromise so the victims could not see those indicators,” Kálnai explained. “It also hides processes and other indicators of compromise.”
Kálnai said that the rootkit aspect of the attack was first spotted around October 2014. The Trojan itself was initially detailed on MalwareMustDie in September 2014.
The Trojan and its variants can infect 32-bit and 64-bit Linux web servers and desktops, as well as ARM architecture, which could indicate that routers, Internet of Things (IoT) devices, NAS storages and 32-bit ARM servers could also be affected, the blog post said.
Not many infections have been detected yet, although those that have been don't follow a particular pattern. Both enterprises and individuals could be impacted, although Kálnai noted that individuals should be particularly aware of the threat, as enterprises typically have stronger security measures in place.
The Avast analyst also noted that a small group is likely behind most infections because the Trojan hasn't been spotted on any forums.
Info sources:
https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/#more-33072
http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html
Tuesday, 13 January 2015
Stealthy 'XOR.DDoS' Trojan Infects Linux Systems, Installs Rootkit
14:15