Electronic news service of the Ministry of Communications and Information Technologies
New warning over back door in Linux
Researchers working at Russian cyber security firm Dr Web claim to have found a new vulnerability that enables remote attackers to crack Linux installations virtually unnoticed.
According to the anti-malware company, cyber criminals are getting into the popular open-source operating system via a new backdoor.
This, they say, is "indirect evidence" that cyber criminals are showing an increasing interest in targeting Linux and the applications it powers.
The trojan, which the company is calling Linux.BackDoor.Hook.1, primarily targets the libz library, which offers compression and extraction capabilities for a plethora of Linux-based programmes.
Hackers have found a "highly unusual method" to access the backdoor, the researchers said. "Linux.BackDoor.Hook.1 doesn't use a currently open socket. Instead it uses the first open socket out of 1,024 and shuts down the remaining 1,023."
Attackers can command the backdoor to download files, launch applications and connect to a specific remote use. However, the company said the threat doesn't affect any of its users.
Doctor Web has since issued an explainer detailing the flaw, which says: "A backdoor for Linux operating systems. It was detected in the libz library.
"During its operation, the Trojan intercepts calling of the following system functions: __libc_start_main, sscanf, __syslog_chk, fopen, and fgets. It is initialized in __libc_start_main; the main code is located in the sscanf function.
"It operates only with binary files that ensure data transfers via the SSH protocol. It fails to operate if the launched file name is the same as /usr/sbin/sshds.
"For external connection, it doesn't use a currently open socket. Instead it uses the first open socket out of 1,024. After this, the socket is moved to the zero descriptor, and the remaining 1,023 are shut down."
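A defender-side check based on the function list above, added here as an example and not taken from Doctor Web's write-up: it flags a libz build that itself defines any of the five intercepted names. It assumes the interception shows up as exported definitions in the library's dynamic symbol table, which the write-up does not state; the sample `nm` listings and the helper names are constructed for illustration.

```python
import subprocess
import sys

# Function names the write-up says the Trojan intercepts.
HOOKED = {"__libc_start_main", "sscanf", "__syslog_chk", "fopen", "fgets"}
# nm type letters for symbols defined in code: global, local, weak, ifunc.
CODE_TYPES = set("TtWwi")

def suspicious_definitions(nm_output):
    """Return the sorted intercepted names that the library itself defines."""
    found = set()
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) != 3:            # imports have no address column
            continue
        _addr, sym_type, name = parts
        name = name.split("@", 1)[0]   # drop a version suffix such as @@ZLIB_1.2
        if sym_type in CODE_TYPES and name in HOOKED:
            found.add(name)
    return sorted(found)

def check_library(path):
    """Run nm on a shared object and report intercepted names it defines."""
    out = subprocess.run(["nm", "-D", "--defined-only", path],
                         capture_output=True, text=True, check=True).stdout
    return suspicious_definitions(out)

# Constructed listing: libz exports only its own API; fopen is an import.
CLEAN_SAMPLE = """\
0000000000002a40 T adler32@@ZLIB_1.2
0000000000003c10 T inflate@@ZLIB_1.2
                 U fopen@GLIBC_2.2.5
"""

# Constructed listing: a libz that also defines the five libc-level names.
TAMPERED_SAMPLE = """\
0000000000002a40 T adler32@@ZLIB_1.2
0000000000011f00 T __libc_start_main
0000000000012080 T sscanf
0000000000012a10 T __syslog_chk
0000000000012b30 T fopen
0000000000012c50 T fgets
"""

if __name__ == "__main__":
    for lib in sys.argv[1:]:
        hits = check_library(lib)
        print(f"{lib}: {'SUSPICIOUS ' + ', '.join(hits) if hits else 'ok'}")
```

A hit is a reason to compare the file against the distribution's package checksums, not proof of infection on its own.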
22/11/17