Date: 22/11/17
New warning over back door in Linux
Researchers working at Russian cyber security firm Dr Web claim to have found a new vulnerability that enables remote attackers to crack Linux installations virtually unnoticed.
According to the anti-malware company, cyber criminals are getting into the popular open-source operating system via a new backdoor.
This, they say, is "indirect evidence" that cyber criminals are showing an increasing interest in targeting Linux and the applications it powers.
The trojan, which the company is calling Linux.BackDoor.Hook.1, primarily targets the libz library, which offers compression and extraction capabilities for a plethora of Linux-based programmes.
Hackers have found a "highly unusual method" to access the backdoor, the researchers said. "Linux.BackDoor.Hook.1 doesn't use a currently open socket. Instead it uses the first open socket out of 1,024 and shuts down the remaining 1,023."
Attackers can command the backdoor to download files, launch applications and connect to a specific remote use. However, the company said the threat doesn't affect any of its users.
Doctor Web has since issued an explainer detailing the flaw, which says: "A backdoor for Linux operating systems. It was detected in the libz library.
"During its operation, the Trojan intercepts calling of the following system functions: __libc_start_main, sscanf, __syslog_chk, fopen, and fgets. It is initialized in __libc_start_main; the main code is located in the sscanf function.
"It operates only with binary files that ensure data transfers via the SSH protocol. It fails to operate if the launched file name is the same as /usr/sbin/sshds.
"For external connection, it doesn't use a currently open socket. Instead it uses the first open socket out of 1,024. After this, the socket is moved to the zero descriptor, and the remaining 1,023 are shut down."
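A defender-side check for the behaviour Doctor Web describes, as an added example that is not from the article or from Doctor Web: a genuine zlib has no reason to define libc functions, so this parses a library's dynamic symbol table and flags any of the five named functions that the library itself defines. It assumes the interception is visible as defined symbols in a little-endian ELF64 file, which the article does not state; `suspicious_exports` and `build_sample` are hypothetical names, and the sample ELF is constructed.

```python
import struct, sys

# Functions the write-up says are intercepted; a genuine zlib defines none of them.
HOOKED = {"__libc_start_main", "sscanf", "__syslog_chk", "fopen", "fgets"}
SHT_DYNSYM = 11
SHDR = struct.Struct("<IIQQQQIIQQ")  # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")       # Elf64_Sym, 24 bytes

def defined_dynsyms(elf):
    """Names a little-endian ELF64 image defines (not merely imports) in .dynsym."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    names = set()
    for _, sh_type, _, _, off, size, link, _, _, _ in shdrs:
        if sh_type != SHT_DYNSYM:
            continue
        str_off = shdrs[link][4]  # sh_link names the string table section
        for pos in range(off, off + size, SYM.size):
            st_name, _, _, shndx, _, _ = SYM.unpack_from(elf, pos)
            if shndx != 0:  # SHN_UNDEF (0) marks an import, anything else a definition
                start = str_off + st_name
                names.add(elf[start:elf.index(b"\0", start)].decode("ascii", "replace"))
    return names

def suspicious_exports(elf):
    """Hooked libc names that this library itself defines, sorted."""
    return sorted(defined_dynsyms(elf) & HOOKED)

def build_sample(defined, imported=()):
    """Constructed input: a minimal ELF64 holding only a .dynsym and its string table."""
    strtab, syms = b"\0", SYM.pack(0, 0, 0, 0, 0, 0)
    for name, shndx in [(n, 1) for n in defined] + [(n, 0) for n in imported]:
        syms += SYM.pack(len(strtab), 0x12, 0, shndx, 0, 0)
        strtab += name.encode() + b"\0"
    str_off = 64 + len(syms)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(0, SHT_DYNSYM, 2, 0, 64, len(syms), 2, 1, 8, 24)
             + SHDR.pack(0, 3, 2, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + syms + strtab + shdrs

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(["inflate", "sscanf"], ["fopen"])
    print(suspicious_exports(data) or "no hooked libc names defined")
```

Passing the path of an installed libz as the first argument checks that file instead of the constructed sample; a library that only imports `fopen` or `fgets` is not flagged, only one that defines them.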