Linux is considered as one of the most secure operating systems but things seem to be changing as cyber criminals are equipping themselves with the latest tools. That’s why recently, researchers at Doctor Web have discovered a Linux trojan that can turn an infected Linux device and websites into a P2P botnets.
Usually, a malware is designed to infect devices in order to steal financial and personal data but ”Linux.Rex.1” malware has the ability to perform DDoS attacks from the infected device, send malicious messages and distribute itself to others networks.
Once the device is infected, the malware sets it up as a bot and takes instruction from unknown cyber criminals using command and control (C&C) servers. It then distributes itself onto other networks using the same infected device that’s why Dr. Web labeled it as peer-to-peer (P2P) botnet.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g. to send spam.
The malware program receives instructions over the HTTPS protocol and sends them to other botnet nodes, if necessary. When commanded by cyber criminals, Linux.Rex.1 starts or stops a DDoS attack on a specified IP address. Other than aforementioned functions this malware also sends spam messages to website owners threatening them with DDoS attacks and pay ransom in Bitcoin in order to avoid attacks, as cited by Dr. Web.
That’s not all, Linux.Rex.1 also carries a special module within, allowing it to run scans on the infected network for websites based on Drupal, Magento, JetSpeed and WordPress CMS. Dr. Web also noticed that Drupal based websites are a special target of this malware since it has the ability to perform vulnerability scan and using SQL injection to hack websites, upon hacking, the malware makes a clone of the site and distributes itself on further networks.
Dr. Web has labeled the Linux.Rex.1 a serious that for Linux and website users – so watch out for this one folk!
None OS is secure now.
ReplyDelete