Slashdot Mirror


New Multi-Purpose Backdoor Targets Linux Servers

An anonymous reader writes A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it. "First, Linux.BackDoor.Xnote.1 sends information about the infected system to the server. It then goes into standby mode and awaits further instructions. If the command involves carrying out some task, the backdoor creates a separate process that establishes its own connection to the server through which it gets all the necessary configuration data and sends the results of the executed task," the researchers explained.


  1. HAHA by Anonymous Coward · Score: 2, Informative

    You have to run the file as a system admin for it even to work. This is a non issue joke.

    1. Re:HAHA by Anonymous Coward · Score: 0, Informative

      It's been predicted that as Linux gets more popular, more stupid people will use it. Welcome to what Windows has been dealing with. Of course Windows makes it easier and encourages these bad habits, but Linux is not magically immune to stupid users.

  2. Researchers? by JoeIsuzu83 · Score: 5, Informative

    The source was Dr. Web's own marketing page.

    This smells like a press release (which smells coincidentally like spam).

  3. slow day on slashdot, by nimbius · Score: 4, Informative

    "The malware will only be installed in a system if it has been launched with superuser (root) privileges"

    aaaand I've already gone back to my tea.

    any sysop worth her salt knows the rules:
    0. It will build without root or not at all.
    1. It will come from a repository or reputable source.
    2. It will check its md5 and check it twice.
    3. It will be compatible with standard secops tools like chroot, jails, cgroups, propolice, and selinux. this includes sandboxing.
    4. Isolate, quarantine, and deploy the secops team. any compromised machine, any network, any server without question.
    5. Slap about with a large bit of herring or trout the dev or luser in accordance with LART policies.

    --
    Good people go to bed earlier.
  4. Re:Attack vector Port is SSH (22), passwd guessing by Anonymous Coward · Score: 5, Informative

    The linked article mistranslates the original Russian.

    The vector is SSH, brute force attempts to guess the root password. The net-security article mistranslates to SSL.

  5. Re:Attack vector Port is SSH (22), passwd guessing by dargaud · Score: 1, Informative

    Most Linux systems don't have root passwords anymore. Use sudo, don't allow root logins and you are safe from those stupid 'so 1996' kind of attacks.

    --
    Non-Linux Penguins ?
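A defender-side check for the SSH root-password guessing that the two comments above describe, as an added example that is not part of the thread or of the Dr. Web report: it parses constructed sshd log lines (standard OpenSSH syslog format, year assumed), flags any source making repeated failed root password attempts inside a short window, and separately reports any accepted root password login, which a `PermitRootLogin no` sshd configuration rules out.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd syslog lines (not taken from the report or the thread).
SAMPLE_AUTH_LOG = """\
Feb  9 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 50111 ssh2
Feb  9 10:01:04 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 50112 ssh2
Feb  9 10:01:05 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 50113 ssh2
Feb  9 10:01:07 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 50114 ssh2
Feb  9 10:01:09 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 50115 ssh2
Feb  9 10:01:15 web1 sshd[2111]: Accepted password for root from 203.0.113.5 port 50116 ssh2
Feb  9 10:02:30 web1 sshd[2130]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Feb  9 10:30:00 web1 sshd[2200]: Accepted publickey for deploy from 192.0.2.10 port 33001 ssh2
"""

# Matches both "Failed/Accepted password" and "Accepted publickey" lines; "invalid user" is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_sshd_log(text, year=2015):
    """Turn raw sshd lines into dicts; syslog lacks a year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(f"{year} {e['ts']}", "%Y %b %d %H:%M:%S")
            events.append(e)
    return events

def find_root_bruteforce(events, threshold=5, window_s=60):
    """Map source IP -> total failed root password attempts, for sources with
    at least `threshold` failures inside any `window_s`-second window."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "Failed" and e["method"] == "password" and e["user"] == "root":
            fails[e["ip"]].append(e["ts"])
    hits = {}
    for ip, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                hits[ip] = len(times)
                break
    return hits

def root_password_logins(events):
    """Source IPs of successful root password logins; with PermitRootLogin no this list stays empty."""
    return [e["ip"] for e in events
            if e["result"] == "Accepted" and e["method"] == "password" and e["user"] == "root"]
```

Running it on the sample flags 203.0.113.5 for five failed root guesses in seven seconds and then an accepted root password login from the same source, the exact sequence that key-only root access would have prevented.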