The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Linux malware

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

September 30, 2015Swati Khandelwal
A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS ) attacks of over 150 gigabits per second (Gbps). The distributed denial-of-service network, dubbed XOR DDoS Botnet , targets over 20 websites per day , according to an advisory published by content delivery firm Akamai Technologies. Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions. XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside. How XOR DDoS Botnet infects Linux System? Unlike other DDoS botnets , the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain ro
New GPU-based Linux Rootkit and Keylogger with Excellent Stealth and Computing Power

New GPU-based Linux Rootkit and Keylogger with Excellent Stealth and Computing Power

May 09, 2015Swati Khandelwal
The world of hacking has become more organized and reliable over recent years and so the techniques of hackers. Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack. And there is something new to the list: A team of developers has created not one, but two pieces of malware that run on an infected computer's graphics processor unit (GPU) instead of its central processor unit (CPU), in order to enhance their stealthiness and computational efficiency. The two pieces of malware: Jellyfish Rootkit for Linux operating system Demon Keylogger The source code of both the Jellyfish Rootkit and the Demon keylogger, which are described as proof-of-concepts malware, have been published on Github. Until now, security researchers have discovered nasty malware running on the CPU and exploiting the GPU capabilities in an attempt to mine cryptocurrencies such as Bitcoins. However, these two malware co
Mumblehard Malware Targets Linux and FreeBSD Servers

Mumblehard Malware Targets Linux and FreeBSD Servers

May 02, 2015Swati Khandelwal
Thousands of computers and web servers running Linux and FreeBSD operating systems have been infected over past five years with sophisticated malware that turn the machines into spambots. The new Linux malware, discovered by the security researchers from the antivirus provider Eset, has been dubbed " Mumblehard " because it is Muttering spam from your servers , says Eset 23-page long report (PDF) titled "Unboxing Linux/Mumblehard." Researchers have logged more than 8,500 unique IP addresses during the seven months period of research that were hit by Mumblehard Linux malware and found over 3,000 machines joined them in the past three weeks. Mumblehard features two basic components: Backdoor  Spamming daemon  Both written in the Perl programming language and "feature the same custom packer written in assembly language." The backdoor allows hackers to infiltrate into the system and control the command and control servers, and t
Powerful Linux Trojan 'Turla' Infected Large Number of Victims

Powerful Linux Trojan 'Turla' Infected Large Number of Victims

December 09, 2014Mohit Kumar
Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of a larger puzzle called " Turla ," one of the most complex Advanced Persistent Threats (APTs) uncovered by researchers at Kaspersky Lab in August, remained hidden on some systems for at least four years. The malware was notable for its use of a rootkit that made it extremely hard to detect. The German security company G Data believed that Turla campaign is linked to Russia and has in the past exploited a variety of Windows vulnerabilities, at least two of which were zero-days, to infect government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. Recently, security researchers from Moscow-based Kaspersky Lab
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

March 20, 2014Anonymous
Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux . Darlloz , earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin. Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year. Linux . Darlloz worm exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate and is capable to infect devices those run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL. The latest variant of Linux . Darlloz equipped with an open source crypto currency mining tool called ' cpuminer ', could be use
Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

March 18, 2014Mohit Kumar
In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH b ackdoor trojan and  credential stealer  named Linux/Ebury ,  that allows  unauthorized access of an affected computer to the remote attackers. Antivirus Firm ESET's Reseacher team has been tracking and  investigating the operation behind Linux/Ebury and today team  uncovers the details [ Report PDF ] of a massive,  sophisticated and organized  malware campaign called ' Operation Windigo ', infected more than 500,000 computers and 25,000 dedicated servers. ' We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malware components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group. '  ESET reported. Malware used in Operation Windigo: Linux/Ebury –  an OpenSSH backdoor use
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.