First malicious software for Linux written in Lua discovered

by sigismund » 2016-09-07 13:23:35


LuaBot infects servers and "Internet of Things" devices and makes them part of a botnet


Researchers from MalwareMustDie! reported a botnet of computers infected with the LuaBot Trojan, written in the Lua scripting language. This family is the newest malware for Linux, infecting servers and "Internet of Things" devices.

Currently, the purpose of the botnet is not known. While analysing LuaBot, the MalwareMustDie! experts found code responsible for a DDoS attack; however, it is still too early to say. LuaBot is an executable file in ELF format that infects embedded devices with processors based on the ARM architecture. According to the researchers, this is the first time they have had to face malware for Linux written in Lua in ELF format.

By reverse engineering the Trojan's code, the experts were able to determine that it connects to a C&C server in the Netherlands, owned by the hosting provider WorldStream.NL. The researchers also found code that is marked as "penetrate_sucuri". This probably indicates that LuaBot is able to bypass the Sucuri Web Application Firewall, but the experts have not yet conducted the relevant testing.

As it turned out, the author of LuaBot left a message for those who try to analyse the code of the malware: "Hi. Happy reversing, you can mail me: [address in the domain zone .EN]" ("Hi. Happy reverse engineering, you can email me: [address in the domain zone .EN]").

Currently LuaBot is at an early stage of development. The first Trojan was discovered last week and is not listed in VirusTotal.