[dba-Tech] Linux.Proxy.10, the Trojan
John R Bartow
jbartow at winhaven.net
Thu Jan 26 18:24:45 CST 2017
http://thehackernews.com/2017/01/linux-proxy-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1415.kp0aof74zx.u4m
http://tinyurl.com/hfay8em
A new Trojan has been discovered in the wild that turns Linux-based devices
into proxy servers, which attackers use to protect their identity while
launching cyber-attacks from the hijacked systems.
Dubbed Linux.Proxy.10, the Trojan was first spotted at the end of last year
by researchers from the Russian security firm Doctor Web, who by the end of
January this year had identified thousands of compromised machines. The
campaign is still ongoing and hunting for more Linux machines.
According to the researchers, the malware itself doesn't include any
exploitation module to break into Linux machines; instead, the attackers use
other Trojans and techniques to compromise a device in the first place and
then create a new backdoor login account with the username "mother" and the
password "fucker."
Once a machine is backdoored, it lands on the attacker's list of successfully
compromised Linux machines. The attacker then logs into each of them over SSH
and installs a SOCKS5 proxy server on it using the Linux.Proxy.10 malware.
This Linux malware is not at all sophisticated: it reuses the freeware source
code of the Satanic Socks Server to set up the proxy.
According to the security firm, thousands of Linux-based devices have
already been infected with this new Trojan.
Besides this, the same server - belonging to the cybercriminals who
distribute the Linux.Proxy.10 malware - not only contained the list of
compromised devices but also hosted the control panel of the Spy-Agent
computer monitoring software and Windows malware from a known family of
Trojan spyware called BackDoor.TeamViewer.
This is not the first time such Linux malware has been discovered. Over a
year ago, ESET security researchers uncovered a similar malware, dubbed
Moose, that could also turn Linux devices into proxy servers, which were then
used to run armies of fake accounts on social media networks including
Instagram and Twitter.
Linux users and administrators are advised to tighten SSH security by
limiting or disabling remote root login over SSH. To find out whether a
system has already been compromised, keep a regular watch for newly created
login accounts: since Linux.Proxy.10 carries no exploit of its own, the
backdoor account the attackers add is the most direct indicator to look for.
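The two checks recommended above, as an added example that is not part of the article or of Doctor Web's analysis: one function reads the effective PermitRootLogin setting from an sshd_config, and two others diff the current passwd file against a baseline snapshot to list newly added login-capable accounts and flag any non-root account with UID 0 (a general backdoor pattern, not one the article attributes to this campaign). All input files are constructed inline; the "toor" UID-0 entry and the sample configs are assumed for illustration only, and the script does not evaluate sshd "Match" blocks.

```shell
#!/bin/sh
# Added example (not the article's or Doctor Web's code): audit sshd_config
# for remote root login and catch newly created login accounts by diffing
# /etc/passwd against a baseline snapshot. Sample files are constructed.

# Print the effective PermitRootLogin value from an sshd_config, lower-cased.
# sshd honours the first occurrence of a keyword, so stop at the first hit.
# "Match" blocks are deliberately ignored here (assumption: none are used).
permit_root_login() {
    v=$(awk 'tolower($1)=="permitrootlogin" { print tolower($2); exit }' "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unset\n'; fi
}

# Succeed only when root login over SSH is fully disabled ("no").
# "prohibit-password" still allows key-based root login, so it is reported
# as not hardened by this stricter check.
root_login_disabled() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# List accounts with a real login shell (not nologin/false) that appear in
# the current passwd file but not in the baseline snapshot.
new_login_accounts() {
    awk -F: 'NR==FNR { seen[$1]=1; next }
             !($1 in seen) && $7 !~ /(nologin|false)$/ { print $1 }' "$1" "$2"
}

# List any account other than root that has UID 0.
uid0_accounts() {
    awk -F: '$3==0 && $1!="root" { print $1 }' "$1"
}

# Write constructed sample inputs into a temp dir and print its path.
# The "mother" account mirrors the backdoor user named in the article;
# "toor" is an assumed UID-0 example, not something the article reports.
make_samples() {
    dir=$(mktemp -d)
    cat >"$dir/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat >"$dir/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
mother:x:1001:1001::/home/mother:/bin/bash
toor:x:0:0::/root:/bin/sh
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
EOF
    cat >"$dir/sshd_config.weak" <<'EOF'
# constructed weak config: root may log in with a password
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat >"$dir/sshd_config.hardened" <<'EOF'
# constructed hardened config: no root login, keys only, explicit allow-list
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
EOF
    printf '%s\n' "$dir"
}

SAMPLES=$(make_samples)
echo "PermitRootLogin (weak config):     $(permit_root_login "$SAMPLES/sshd_config.weak")"
echo "PermitRootLogin (hardened config): $(permit_root_login "$SAMPLES/sshd_config.hardened")"
echo "New login-capable accounts since baseline:"
new_login_accounts "$SAMPLES/passwd.baseline" "$SAMPLES/passwd.current"
echo "Non-root accounts with UID 0:"
uid0_accounts "$SAMPLES/passwd.current"
```

On a real host, take the baseline with `cp /etc/passwd /var/backups/passwd.baseline` right after provisioning and run `new_login_accounts /var/backups/passwd.baseline /etc/passwd` from cron; an unexpected name such as "mother" showing up is exactly the signal the article tells administrators to watch for, and should be followed by checking for an unexpected listening SOCKS proxy before anything else is trusted on the box.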