Linux malware has been discovered
The malware itself does not include any exploitation module to hack into Linux machines; instead, the attackers use other Trojans and techniques to compromise devices in the first place and then create a new backdoor login account with the username "mother" and the password "fucker." Once a device is backdoored, the attacker gets the list of all successfully compromised Linux machines, logs into them via the SSH protocol, and installs a SOCKS5 proxy server on them using the Linux.Proxy.10 malware. This Linux malware is not at all sophisticated, since it uses the freeware source code of the Satanic Socks Server to set up a proxy.
Linux users and administrators are recommended to tighten SSH security by limiting or disabling remote root access via SSH. To know whether your system has already been compromised, keep a regular watch on newly created login users.
Solution:
Just edit /etc/ssh/sshd_config and set PermitRootLogin to 'no'. After that, restart the sshd daemon.
Another malware family infecting Linux is Moose
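The two checks recommended above (watching for new login users and confirming PermitRootLogin) can be scripted. This is an added example, not code from the original post: the function names are hypothetical, the sample files are constructed, and it assumes you keep a known-good baseline copy of /etc/passwd to compare against.

```shell
#!/bin/sh
# Added example. Paths are arguments so the checks can run on copied files.

# List accounts with a login shell that are in CURRENT but not in BASELINE.
# Also catches a service account whose shell was changed to a real one.
new_login_users() {
    awk -F: '
        $7 ~ /(nologin|false)$/ { next }                  # not login-capable
        FILENAME == ARGV[1]     { known[$1] = 1; next }   # baseline snapshot
        !($1 in known)          { print $1 }              # added since baseline
    ' "$1" "$2"
}

# Print the first uncommented PermitRootLogin value (sshd keeps the first
# value it reads for a keyword); "unset" means the built-in default applies.
root_login_setting() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${v:-unset}"
}

# --- constructed sample data, not taken from a real host ---
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$tmp/passwd.now" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
mother:x:1001:1001::/home/mother:/bin/bash
EOF
printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\n' > "$tmp/sshd_config"

for u in $(new_login_users "$tmp/passwd.baseline" "$tmp/passwd.now"); do
    if [ "$u" = "mother" ]; then
        echo "ALERT: account name used by the Linux.Proxy.10 operators: $u"
    else
        echo "NOTICE: new login account: $u"
    fi
done
[ "$(root_login_setting "$tmp/sshd_config")" = "no" ] || echo "WARN: PermitRootLogin is not 'no'"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, which also accounts for Include and Match directives that this single-file check does not follow.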
Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can also infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator.