
New Linux backdoor capable of DDoS attacks discovered

by sigismund » 2016-09-15 11:09:25


Presumably, the Trojan is distributed by means of the ShellShock set of vulnerabilities in GNU Bash.


Experts at the company "Doctor Web" have published an analysis of a new Linux Trojan designed to carry out DDoS attacks. The researchers believe the malware, known as Linux.DDoS.93 (according to the "Doctor Web" classification), is distributed by means of the ShellShock set of vulnerabilities in GNU Bash.

In the course of its operation, the Trojan modifies several Linux system folders to ensure its own startup. After that, the program checks the infected computer for other copies of Linux.DDoS.93 and terminates them, if any.

After starting, the Trojan creates two child processes. The first is designed for data exchange with the attackers' C&C server; the second constantly checks whether the parent process is running and restarts it if it has stopped. The parent process, in turn, also monitors the child process and restarts it as necessary. Thus, the Trojan ensures its continuous operation on the infected system.

Linux.DDoS.93 can download and run a file specified in a command, start the process of cloudline, and carry out DDoS attacks using various methods: UDP flood (to a specified or random port), TCP flood, HTTP flood using GET/POST/HEAD requests, and so on.

On receiving a command to start a DDoS attack, the Trojan stops all its child processes and then launches 25 new processes that carry out the attack using the method specified by the attackers.
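Because the parent and child processes described in the post restart each other, killing them one at a time during cleanup lets the survivor respawn its peer. The following is an added example, not part of the original post or of Doctor Web's analysis: it builds a freeze-then-kill plan from a process snapshot. The snapshot, the pids and the executable path are constructed for illustration, and grouping by shared executable is an assumption about how the processes appear.

```python
import signal
from collections import defaultdict

# Constructed process snapshot: (pid, ppid, exe). The path and pids are invented
# for illustration; the post does not give the Trojan's file name.
SNAPSHOT = [
    (1, 0, "/sbin/init"),
    (812, 1, "/usr/sbin/sshd"),
    (4100, 1, "/tmp/.sample/agent"),     # parent process
    (4101, 4100, "/tmp/.sample/agent"),  # child 1: C&C exchange
    (4102, 4100, "/tmp/.sample/agent"),  # child 2: watches the parent
    (4200, 812, "/usr/sbin/sshd"),
]

def process_family(snapshot, suspect_pid):
    """Return all pids reachable from suspect_pid over parent/child links
    between processes that run the same executable as the suspect."""
    exe = {pid: path for pid, _, path in snapshot}
    target = exe[suspect_pid]
    links = defaultdict(set)
    for pid, ppid, path in snapshot:
        if path == target and exe.get(ppid) == target:
            links[pid].add(ppid)
            links[ppid].add(pid)
    family, todo = {suspect_pid}, [suspect_pid]
    while todo:
        for nxt in links[todo.pop()] - family:
            family.add(nxt)
            todo.append(nxt)
    return sorted(family)

def containment_plan(snapshot, suspect_pid):
    """Freeze every member first, then kill: a stopped watchdog cannot
    notice that its peer has died and so cannot restart it."""
    family = process_family(snapshot, suspect_pid)
    return ([(signal.SIGSTOP, pid) for pid in family] +
            [(signal.SIGKILL, pid) for pid in family])

if __name__ == "__main__":
    for sig, pid in containment_plan(SNAPSHOT, 4102):
        print(f"kill -{sig.name} {pid}")  # printed only; nothing is signalled
```

Stopping the processes does not undo the startup changes the post mentions, so those still have to be found and removed separately.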