Unhinged Linux backdoor still poses a nuisance, if not a threat

Internet Igors have stitched together a new Linux backdoor. Fortunately for internet hygiene, the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.

The backdoor, dubbed Dklkt-1, was designed to be a cross-platform nasty capable of infecting both Windows and Linux machines.

Cyber-criminals planned to equip the program with a large number of functions typical of SOCKS proxy servers, remote shells, file managers, and so on.

However, at the moment, the malware ignores the majority of incoming commands due to programming mistakes.

The Trojan – known by its creators as “DDoS Attacker for Gh0st(sweet version 1.0” – was carelessly put together. For one thing “the disassembled code contains some strange constructions that have absolutely nothing to do with Linux”, according to an advisory on the malware by Russian security software firm Doctor Web.


However, other elements of the malicious code suggest those behind the backdoor were far removed from rookie malware coders.

If successfully planted, the malware tries to register itself in the system as a daemon (system service). Thereafter it uses LZO compression and the Blowfish encryption algorithm to chat to its command and control servers. Every packet contains a checksum so that the recipient can verify data integrity.

Dklkt-1 waits for incoming commands, which can include launching a DDoS attack, starting a SOCKS proxy server, running a specified application, rebooting the computer, or turning it off. Other commands are either ignored or processed incorrectly.

The trojan – in its present form – basically lends compromised machines to a variety of volumetric DDoS attacks (e.g. SYN flood, ICMP flood and UDP flood).

Detection for the Dklkt-1 Linux backdoor has been added to Dr.Web virus databases. Other security firms can be expected to follow suit.

Source: http://www.theregister.co.uk/
