Saturday, 13 December 2014

Linux espionage virus possibly first made for Solaris

This week researchers announced that they had discovered a spy virus for Linux, but the Finnish anti-virus firm F-Secure says that the malware was possibly first developed for Solaris. The Turla backdoor, also known as Snake or Uroburos, was previously known to be deployed only against Windows.

Now Kaspersky Lab has reported that it discovered a Linux variant. According to the researchers, the malware has a number of interesting features, the most striking being its ability to sniff the network interface. Specifically, the malware can adjust the Command & Control server, which controls the infected machine, according to the network traffic. The attackers only need to send a special packet to the machine to activate the malware.

Furthermore, the malware acts as a normal "remote access trojan" (RAT) and allows attackers to download and upload files and execute commands. Researchers at F-Secure discovered some remarkable system paths in the code. They pointed to directories that are normally used in a Solaris environment.

Researchers have therefore questioned whether the backdoor was first developed to attack Solaris servers. The code can be easily adjusted for other platforms. "It is no surprise if we also find the malware on Solaris servers in the coming days," says Jarkko Palviainen of F-Secure.
