Security researchers from ESET, CERT-Bund and other organisations have been tracking the criminal activity of a botnet that has infected more than 25,000 UNIX servers over the past two years. The botnet is called "Windigo", after a mythical creature of Native American folklore.
The infected servers were being used by the criminals to send 35 million spam emails every day and to redirect web visitors to malicious content, putting approximately 500,000 computers a day at risk of malware infection.
“Every day over half a million computers were at risk of infection, after visiting websites that contained malware planted by Windigo,” said ESET security researcher Marc-Étienne Leveille.
Most of the infected servers are located in the USA, Germany, France and the United Kingdom. Many of these servers belong to hosting providers. The list of victims includes organisations such as cPanel and kernel.org.
As Theregister.co.uk reports, ESET has been investigating the malicious campaign for about a year. It found a total of 25,000 infected servers, of which more than 10,000 are still infected.
Mac users were not ignored by the cyber criminals either. While Windows users were redirected to websites serving malware, Mac users were instead shown adult content or advertisements for dating sites.
Leveille highlights the fact that the Ebury backdoor deployed by the intruders did not exploit any vulnerability in Linux or OpenSSH; it was planted manually on each server, using credentials the attackers had already obtained.
"The fact that they managed to do this on tens of thousands of different servers is creepy. While anti-virus and two-factor authentication are common protection measures on the computers we use at home, they are rarely used to protect servers, making them vulnerable to credential theft and easy installation of malware," he said.
If you are a Linux system administrator and want to check your system, you can run the following command:
$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
The check relies on a quirk of the backdoored binary: a genuine ssh of that era rejected the -G option with an "illegal option" or "unknown option" error, whereas the ssh patched by Ebury accepted it silently. Note that OpenSSH 6.8 and later implement a legitimate -G option (print the effective configuration), so on a current system this one-liner reports "System infected" regardless of the host's real state and is no longer a reliable indicator; it also only detects Ebury variants that replace the ssh binary itself.
Infected machines should be wiped completely and the operating system reinstalled. Because Ebury steals credentials, every password and SSH key used on or from a compromised host should be treated as exposed and replaced.
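The following script is an added example, not ESET's tool or part of the original article. It wraps the same "ssh -G" test in a function that first looks at the OpenSSH version, so that hosts running OpenSSH 6.8 or later (which accept -G legitimately) are reported as "inconclusive" instead of being wrongly flagged as infected. The function names classify_ssh_g and check_local_ssh are my own; the 6.8 threshold is the OpenSSH release that introduced -G.

```shell
#!/bin/sh
# Added example (not ESET's code): Ebury "ssh -G" test with a version guard.
#
# ESET's one-liner treats the ABSENCE of an "illegal option"/"unknown option"
# error from "ssh -G" as a sign that the ssh binary was replaced by Ebury,
# which silently accepts -G. OpenSSH 6.8 added a real -G option, so on
# those versions the test cannot distinguish a clean from a patched binary.

# classify_ssh_g OUTPUT VERSION
#   OUTPUT  - combined stdout/stderr of "ssh -G"
#   VERSION - output of "ssh -V", e.g. "OpenSSH_6.6p1 Ubuntu-2ubuntu2"
# Prints exactly one word: clean | infected | inconclusive
classify_ssh_g() {
    out=$1
    ver=$2

    # Pull "major minor" out of "OpenSSH_X.Yp1 ..."; empty if not OpenSSH.
    num=$(printf '%s\n' "$ver" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    major=${num%% *}
    minor=${num##* }

    # OpenSSH >= 6.8 accepts -G legitimately: the test says nothing.
    if [ -n "$num" ] && { [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; }; then
        echo inconclusive
        return 0
    fi

    # Older OpenSSH (BSD getopt) rejects -G with "illegal option -- G" or
    # "unknown option -- G". No such error means -G was accepted: Ebury.
    if printf '%s\n' "$out" | grep -q -e illegal -e unknown; then
        echo clean
    else
        echo infected
    fi
}

# check_local_ssh: run the test against the ssh found on PATH.
check_local_ssh() {
    if ! command -v ssh > /dev/null 2>&1; then
        echo "no ssh binary on PATH" >&2
        return 2
    fi
    out=$(ssh -G 2>&1) || true    # ssh exits non-zero here on every version
    ver=$(ssh -V 2>&1) || true
    classify_ssh_g "$out" "$ver"
}

# Only touch the real ssh when explicitly asked: ./ebury-check.sh --local
if [ "${1-}" = "--local" ]; then
    check_local_ssh
fi
```

An "inconclusive" result is not a clean bill of health; on a modern OpenSSH the binary should be verified against the distribution package (for example with the package manager's file verification) rather than with this test.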
Further details on Windigo are available in ESET's PDF report.