
"Doctor Web" warns of a new Linux Trojan



#1 Mr.Pr

    Member

  • Posters
  • 267 posts

Posted 14 September 2016 - 10:39

September 13, 2016

DDoS (Distributed Denial of Service, a distributed attack leading to a denial of service) is the most common method of attacking network resources. Attackers send the target server a large flow of requests that it is unable to cope with, causing it to fail. Such attacks often use special malware. One such program, called Linux.DDoS.93, was examined by Doctor Web analysts.

The Linux.DDoS.93 Trojan was created by virus writers to infect devices running Linux operating systems. Presumably, this malware is distributed by means of the set of ShellShock vulnerabilities in the GNU Bash program.

When launched, Linux.DDoS.93 tries to change the contents of a number of Linux system folders to ensure its own startup. The Trojan then searches the target machine for other instances of Linux.DDoS.93 and, if any are found, terminates them.

Once successfully launched on the infected system, Linux.DDoS.93 creates two child processes. The first communicates with the management server, and the second checks in a continuous loop whether the parent process is running and restarts it when it stops. In turn, the parent process also monitors the child and restarts it if necessary, so the Trojan maintains its continuous operation on the infected machine.

Linux.DDoS.93 is able to perform the following commands:

  • update the malware;
  • download and run the file specified in the command;
  • delete itself;
  • launch a UDP flood attack on the specified port;
  • launch a UDP flood attack on a random port;
  • launch a Spoofed UDP flood attack;
  • launch a TCP flood attack;
  • launch a TCP flood attack (random data 4096 bytes in length is written into the packets);
  • launch an HTTP flood attack using GET requests;
  • launch an HTTP flood attack using POST requests;
  • launch an HTTP flood attack using HEAD requests;
  • send HTTP requests with the specified parameters to 255 random IP addresses;
  • terminate its operation;
  • send the "ping" command.

When the Trojan is instructed to start a DDoS attack or to send random requests, it first stops all child processes and then starts 25 new processes that carry out the attack specified by the attackers. The Linux.DDoS.93 signature has been added to the Dr.Web virus database, so it does not pose a risk to our users.


Sources:

 

Russian : http://news.drweb.ru/show/?i=10198&lng=ru&c=5

English : as soon as possible!


“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,”  - Boris Sharov

 

DrWeb Gallery for your Avatars: Click

My Telegram ID: @Parhamx

 

Best Regards,

Parham
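
A defender's sketch of the two process behaviours described in the post above (a copy of the program restarting itself after an instance stops, and the burst of 25 new processes), added here as an example; it is not part of the original post or of Doctor Web's analysis. The event format, the path /tmp/.sample, the pids and the time windows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed process events (time in s, event, pid, ppid, exe); not real telemetry.
# /tmp/.sample and all pids are placeholders chosen for this example.
EVENTS = [
    (0, "exec", 100, 1, "/tmp/.sample"),
    (1, "exec", 101, 100, "/tmp/.sample"),   # first child
    (1, "exec", 102, 100, "/tmp/.sample"),   # second child (watchdog)
    (5, "exec", 200, 1, "/usr/sbin/cron"),   # unrelated benign process
    (9, "exit", 100, 1, "/tmp/.sample"),     # parent is stopped
    (10, "exec", 103, 102, "/tmp/.sample"),  # watchdog starts it again
] + [(21, "exec", 300 + i, 103, "/tmp/.sample") for i in range(25)]


def find_respawns(events, window=5):
    """Flag an image re-launched by a copy of itself soon after an instance exits."""
    exe_of, last_exit, hits = {}, {}, []
    for ts, kind, pid, ppid, exe in sorted(events, key=lambda e: e[0]):
        if kind == "exit":
            last_exit[exe] = ts
            exe_of.pop(pid, None)
            continue
        same_image_parent = exe_of.get(ppid) == exe
        if same_image_parent and exe in last_exit and ts - last_exit[exe] <= window:
            hits.append((ts, exe, ppid, pid))
            del last_exit[exe]  # one exit explains at most one respawn
        exe_of[pid] = exe
    return hits


def find_fanout(events, threshold=25, window=2):
    """Flag a parent starting `threshold` children of one image within `window` s."""
    starts, hits = defaultdict(list), set()
    for ts, kind, pid, ppid, exe in sorted(events, key=lambda e: e[0]):
        if kind != "exec":
            continue
        times = starts[(ppid, exe)]
        times.append(ts)
        while ts - times[0] > window:  # drop starts that fell out of the window
            times.pop(0)
        if len(times) >= threshold:
            hits.add((ppid, exe))
    return sorted(hits)


if __name__ == "__main__":
    print("respawns:", find_respawns(EVENTS))
    print("fan-out:", find_fanout(EVENTS))
```
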


#2 Mr.Pr

    Member

  • Posters
  • 267 posts

Posted 14 September 2016 - 17:41

English Source : http://news.drweb.com/show/?i=10198&c=5&lng=en&p=0


This post was edited by Mr.Pr: 14 September 2016 - 17:42



