ESET discovers Kobalos attacking supercomputers

The new threat took its name from Greek mythology, as the Kovaloi were cunning, tiny followers of Dionysus.

The της ESET ανακάλυψαν το Kobalos, ένα κακόβουλο λογισμικό που επιτίθεται σε υπερυπολογιστές – συστάδες υπολογιστών υψηλής απόδοσης (HPC). Η ESET συνεργάστηκε με την Ομάδα Ασφάλειας Υπολογιστών του CERN και άλλους οργανισμούς που εμπλέκονται στη αντιμετώπιση επιθέσεων στα δίκτυα επιστημονικής έρευνας. Μεταξύ των στόχων ήταν ένας μεγάλος Πάροχος Υπηρεσιών Διαδικτύου (ISP) στην Ασία, ένας προμηθευτής λύσεων endpoint in North America, as well as several private servers.

Οι ερευνητές της ESET έχουν επεξεργαστεί μέσω ανάστροφης μηχανικής (reverse engineering ) αυτό το μικρό, αλλά περίπλοκο κακόβουλο λογισμικό που είναι φορητό σε πολλά λειτουργικά συστήματα, συμπεριλαμβανομένων των Linux, BSD, Solaris και πιθανώς AIX και .

“We named this malware Kobalos for its small code size and cunning methods. In Greek mythology, Kovalos is a small, cunning creature," explains Marc-Etienne Léveillé, who in Kobalos. "We should note that this level of sophistication is rarely seen in Linux malware," adds Léveillé.

Kobalos is a backdoor that contains commands that do not reveal the intent of the attackers. "In short, Kobalos provides remote access to the file system, the ability to play terminal sessions, and allows proxy connections to other servers infected with Kobalos," says Léveillé.

Any server infected with Kobalos can be converted to a Command & Control (C&C) server with a single command from the operators. As the IP addresses and ports of the C&C server are integrated into the executable program, operators can then create new samples of Kobalos using this new C&C server. In addition, on most systems infected with Kobalos, the SSH client steals credentials.

“The credentials of those using the SSH client on an infected are recorded. These credentials can then be used by attackers to install Kobalos on the new server,” adds Léveillé. Setting up two-factor authentication to connect to SSH servers will mitigate the threat, as using stolen credentials appears to be one of the ways it can spread to different systems.

More technical details about Kobalos can be found at blogpost “Kobalos - A complex Linux threat to high performance computing infrastructure”At WeLiveSecurity.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

ESETKobalos

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).