Wednesday, 5 August 2015

Trojan Horse Hijacks Linux Routers Via Shellshock Vulnerability

Worldwide, nearly 1500 Linux routers have been hijacked by a Trojan, which then uses the devices to attack other systems and servers. The PNScan Trojan, as Russia's Doctor Web calls the malware, uses the Shellshock vulnerability from last September to take over Linux routers with ARM, MIPS or PowerPC architecture.

In addition, the Trojan also installs other malware on routers that have already been hacked. Shellshock is the name for a vulnerability in Bash. Bash is a Unix shell through which commands can be given to the system. It is used by many applications and by many programs running in the background. Last September, the vulnerability was found and patched, but there are still vulnerable systems on the Internet.

Once PNScan has been installed on the router via the Shellshock vulnerability, other malware is installed on the device. The malware then scans a range of IP addresses. After this, the malware can perform different attacks. The additional malware installed on the router is also able to carry out attacks. In this case these are DDoS attacks and attempts to take over phpMyAdmin installations.

Besides PNScan, a variant of the Trojan horse has also been discovered. This version does not use the Shellshock vulnerability, but uses weak passwords to gain access via SSH. Worldwide, 1439 routers were found infected with PNScan.
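
A defender's view of the Shellshock probing described above, as an added example that is not part of the original post: a Python scan of web access logs for header values that start with the Bash function-definition marker `() {`. It assumes the probe arrives over HTTP against a CGI endpoint, which the post does not state; the log format, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Vulnerable Bash parses an environment value that STARTS with "() {" as a
# function definition and also executes commands placed after the body.
# CGI servers copy request headers into the environment, so the marker is
# matched at the start of a header value only, not anywhere inside it.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

def find_shellshock_probes(lines):
    """Return {source_ip: [(time, field, value), ...]} for suspect requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # This log format records only these two request headers.
        for field in ("referer", "agent"):
            value = m.group(field)
            if SHELLSHOCK_RE.match(value.lstrip()):
                hits[m.group("ip")].append((m.group("time"), field, value))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, harmless payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Aug/2015:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.0" 404 0 "-" "() { :; }; echo probe"',
    '198.51.100.7 - - [05/Aug/2015:10:01:06 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 0 "() { :;}; echo probe" "-"',
    # Benign value that merely contains "() {" must not be flagged.
    '203.0.113.4 - - [05/Aug/2015:10:02:00 +0000] "GET /app.js HTTP/1.1" 200 90 "-" "check() {ok}"',
]

if __name__ == "__main__":
    for ip, events in find_shellshock_probes(SAMPLE_LOG).items():
        print(f"{ip}: {len(events)} suspected Shellshock probe(s)")
        for when, field, value in events:
            print(f"  {when} {field}: {value!r}")
```

Headers that the access log does not record, such as Cookie, are not covered by this scan.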
