Slashdot Mirror
Stealthy Linux Trojan May Have Infected Victims For Years
An anonymous reader writes: Researchers from Moscow-based Kaspersky Labs have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.
The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.
It's an ordinary piece of malware.
It talks home to a hard-coded URL.
It has to have a secret "knock" before it will talk back to you (port-knocking has uses both ways, it seems!).
It contains easily-greppable strings.
Quite what distinguishes this from other malware, I'm not too sure. Just that nobody had seen it before?