Record month for Linux Trojans
Posted on 19.05.2014
If you think that you are protected from malware if you use Linux, think again, warn researchers from AV manufacturer Dr. Web, who identified and examined a record-high number of Trojans for Linux this month - and the month isn't over yet.

According to the researchers, the different variants of three distinct Trojans they found seem all to have been created by the same person.

Most of these Trojans are created to carry out DDoS attacks via a number of protocols and requests - they are capable of launching SYN, UDP, TCP and ping flooding, as well as of mounting DNS and NTP amplification attacks.

There are variants that target Linux ARM distributions, others that infect servers and desktops running 32-bit versions of Ubuntu and CentOS, others still that target 64-bit versions of Linux.

Once on a target machine, the Trojans first make sure that they will be started automatically each time the machine is rebooted, then they collect information about the system's hardware and software (CPU model, available memory, OS version, etc.).

The information is then sent in encrypted from to the remote C&C server, from which the malware then receives commands on what to do next, i.e. which target to attack, and updates.

"The command servers facilitating control over the Trojans are located mainly in the territory of China, and the corresponding DDoS attacks are directed mainly against Chinese websites," they noted. Infected Linux machines, on the other hand, are not located only in China, so be careful.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th