New Multi-Purpose Backdoor Targets Linux Servers
An anonymous reader writes A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it. "First, Linux.BackDoor.Xnote.1 sends information about the infected system to the server. It then goes into standby mode and awaits further instructions. If the command involves carrying out some task, the backdoor creates a separate process that establishes its own connection to the server through which it gets all the necessary configuration data and sends the results of the executed task," the researchers explained.
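The summary says the backdoor is only delivered after the attackers brute-force their way onto the box, so the cheapest place to catch this class of infection is the SSH password-guessing that precedes it. The following is an added example, not code from Dr. Web's analysis or from the article: it parses a handful of constructed sshd auth-log lines, flags source addresses with a burst of failed logins, and, more importantly, flags the case where the same address then gets an "Accepted" line, which is the moment the host should be treated as compromised rather than merely attacked. The log lines, hostnames and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format (not from the article or from
# Dr. Web's analysis). 203.0.113.7 hammers root and then gets in; 198.51.100.4
# is a user who mistyped a password once and then logged in with a key.
SAMPLE_AUTH_LOG = """\
Feb 18 10:01:02 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 18 10:01:03 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51123 ssh2
Feb 18 10:01:04 web01 sshd[2235]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Feb 18 10:01:05 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51125 ssh2
Feb 18 10:01:06 web01 sshd[2239]: Failed password for root from 203.0.113.7 port 51126 ssh2
Feb 18 10:01:08 web01 sshd[2241]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Feb 18 10:05:00 web01 sshd[2300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Feb 18 10:05:30 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the standard OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(log_text):
    """Turn sshd auth lines into dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            # syslog timestamps carry no year; strptime defaults to 1900, which
            # is fine because only deltas within one log are compared.
            "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
            "result": m.group("result"),
            "method": m.group("method"),
            "user": m.group("user"),
            "ip": m.group("ip"),
        })
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed logins inside `window_seconds`.

    Returns {ip: {"failures", "usernames", "burst_start", "success_after"}}.
    success_after is True when the same IP later produced an "Accepted" line,
    i.e. the guessing appears to have worked and the host needs a response,
    not just a firewall rule.
    """
    fails = defaultdict(list)
    accepts = defaultdict(list)
    users = defaultdict(set)
    for ev in events:
        if ev["result"] == "Failed":
            fails[ev["ip"]].append(ev["ts"])
            users[ev["ip"]].add(ev["user"])
        else:
            accepts[ev["ip"]].append(ev["ts"])

    hits = {}
    for ip, stamps in fails.items():
        stamps.sort()
        # Sliding window: the first run of `threshold` failures whose first and
        # last entries lie within window_seconds counts as a burst.
        for i in range(len(stamps) - threshold + 1):
            span = (stamps[i + threshold - 1] - stamps[i]).total_seconds()
            if span <= window_seconds:
                burst_start = stamps[i]
                hits[ip] = {
                    "failures": len(stamps),
                    "usernames": sorted(users[ip]),
                    "burst_start": burst_start,
                    "success_after": any(t >= burst_start for t in accepts[ip]),
                }
                break
    return hits


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_events(SAMPLE_AUTH_LOG)).items():
        verdict = "SUCCEEDED, treat host as compromised" if info["success_after"] else "did not succeed"
        print(f"{ip}: {info['failures']} failures against {info['usernames']} "
              f"starting {info['burst_start']:%b %d %H:%M:%S}; login {verdict}")
```

On the sample data only 203.0.113.7 is reported, with the success flag set; alice's single typo never reaches the threshold. In practice the threshold and window are tuned per environment, and the success_after case is the one worth paging on, since by the article's account anything that runs after that login as root is free to install the backdoor.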
If you are a Windows Administrator who happens to get dumped with the odd Linux server, Xnote may seem like a good option for a text editor. Not as scary-sounding as things like:
vi/vim (OK, you got in... now why can't I type? Or vi, short for Virus Infestation)
emacs (This sounds like a Macintosh emulator to me)
nano (Disk Compression tool?)
Windows Admins are used to Notepad being the default text editor. XNote may be a good pick to choose.
With us living in a mostly Linux world, the idea that there are professionals who don't know much about Linux is hard to imagine, but they are there. And sometimes they will have a Linux box dumped on them to manage, even if they don't know much about it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The sys-admin is actually a Windows Admin with a Linux box... He doesn't know better.
The system was set up by the boss's kid nephew who is good with computers, and gives everyone admin access because he doesn't know how to manage permissions.
Lazy administrators tired of fixing permissions just give everyone root access...
Sure we can make fun of the people and say due to their neglect it is their own damn fault... But once it gets in, the damage is real.
"The malware, dubbed Xnote, gets delivered on the target computer after the attackers mount a successful brute force attack and establish an SSL connection with the machine."
If someone brute-forces root-level creds on your machine, you're toast anyway; you always were.
OpenBSD has always supported networking.
I love slashdot... you can even blame a Linux backdoor on Microsoft and get modded +5 Insightful.
"A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers. ... The malware will only be installed in a system if it has been launched with superuser (root) privileges."
How does the 'Trojan' get onto the target machines?
"To spread the new Linux backdoor, dubbed Linux.BackDoor.Xnote.1, criminals mount a brute force attack to establish an SSL connection with a target machine."
For fuck's sake, Slashdot, remember when this was a serious technology mag, instead of providing free adverts to some AV company?