Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Multi-Purpose Backdoor Targets Linux Servers

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it. "First, Linux.BackDoor.Xnote.1 sends information about the infected system to the server. It then goes into standby mode and awaits further instructions. If the command involves carrying out some task, the backdoor creates a separate process that establishes its own connection to the server through which it gets all the necessary configuration data and sends the results of the executed task," the researchers explained.

5 of 98 comments (clear)

  1. i must click dem! by sneakyimp · · Score: 5, Funny

    Well those certainly look like reputable links by famous 'researchers' to me! As an IT guy, I'll definitely have to go click on them so that my workstation gets infected too.

  2. Researchers? by JoeIsuzu83 · · Score: 5, Informative

    The source was Dr. Web's own marketing page.

    This smells like a press release (which smells coincidentally like spam).

  3. Come on! by Anonymous Coward · · Score: 5, Interesting

    Come on!!!

    What vulnerability? What port? What gets attacked?

    Is there more than one vulnerability?

    I wonder -- I really, really wonder. Are Slashdot "editors" getting kickbacks?

    What a loaded pile of crappy advertising.

  4. Re:Attack vector Port is SSH (22), passwd guessing by Anonymous Coward · · Score: 5, Informative

    The linked article mistranslates the original russian.

    The vector is SSH, brute force attempts to guest the root password. The net-security article mistranslates to SSL.

  5. Remember when /. was a serious technology mag .. by lippydude · · Score: 5, Insightful

    "A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers.

    How does the 'Trojan' get onto the target machines?

    "To spread the new Linux backdoor, dubbed Linux.BackDoor.Xnote.1, criminals mount a brute force attack to establish an SSL connection with a target machine .. The malware will only be installed in a system if it has been launched with superuser (root) privileges".

    For fucks-sake slashdot, remember when this was a serious technology mag, instead of providing free adverts to some AV company.