Rakos Linux Malware Backdoor

The security company ESET has discovered a new form of malware that targets Linux devices. The malware can give attackers full control of the affected device, opening the door to many other malicious actions, such as DDoS attacks.

The new malware was named Rakos and is used for attacks on portable devices and servers that have the SSH port open. If it finds a port open on the SSH protocol, it uses brute-force attacks to crack the s.

ESET claims that Rakos creators want to infect as many systems as possible to create a botnet that they could use for other malicious attacks such as DDoS attacks or spam spread.

Initially, the attackers scan systems for vulnerabilities by working through predefined IP addresses. We should mention that machines using very weak passwords are most at risk, since brute-force attacks take much longer against long passwords.

Once the victim's Linux device has been accessed, Rakos launches a local HTTP service at http://127.0.0.1:61314 for two different purposes.

"The first is a sly way for future versions of the bot to stop various processes regardless of their name by simply asking for the address http://127.0.0.1:61314/et, and the second tries to parse a URL query with parameters "ip", "u", "p", requesting the address http://127.0.0.1:61314/ex. The purpose of this /ex HTTP is not yet clear," according to ESET.

The malware automatically scans the infected system and collects information that it then sends to a C&C server. The information includes IPs, usernames and passwords.

A locally stored configuration file provides a backdoor through which the attacker can regain access at some later time.

It is important to emphasize that complex SSH passwords are practically impossible for this malware to crack; the attackers are mostly looking for devices that use weak passwords.

If for some reason your Linux machine is infected, you should log in using SSH/Telnet and search for a process called .javaxxx. Make sure it is the one used for the spam connections, then kill the process.
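As an added example (not from the ESET report or this article), a small Python checker for the two host-level indicators named above: a process called .javaxxx and the local HTTP listener on 127.0.0.1:61314. It reports rather than kills, so the operator can verify the process first; the sample `ss`/`ps` output and the /tmp path in it are constructed, and the `ss -ltnp` / `ps -eo pid,comm,args` column layout is assumed.

```python
"""Report Rakos indicators on a Linux host: a .javaxxx process and a listener on 127.0.0.1:61314."""
import subprocess

RAKOS_PORT = 61314        # local HTTP service port named in the ESET report
RAKOS_PROC = ".javaxxx"   # process name named in the article

# Constructed sample output (not captured from a real host) so the checker runs offline.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:61314     0.0.0.0:*         users:((".javaxxx",pid=4242,fd=5))
"""
SAMPLE_PS = """  PID COMMAND         COMMAND
    1 systemd         /sbin/init
  812 sshd            /usr/sbin/sshd -D
 4242 .javaxxx        /tmp/.javaxxx
"""


def find_rakos_indicators(ss_output: str, ps_output: str) -> list:
    """Return findings from `ss -ltnp` text and `ps -eo pid,comm,args` text."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        # ss prints the local socket as ADDR:PORT in the 4th column; the header has "Local" there.
        if len(cols) >= 4 and cols[3].endswith(":%d" % RAKOS_PORT):
            findings.append("listener on %s: %s" % (cols[3], line.strip()))
    for line in ps_output.splitlines()[1:]:  # skip the PID/COMMAND header
        cols = line.split(None, 2)            # pid, comm, args (args may contain spaces)
        if len(cols) >= 2 and cols[1] == RAKOS_PROC:
            findings.append("process %s named %s: %s" % (cols[0], RAKOS_PROC, line.strip()))
    return findings


def check_live_host() -> list:
    """Run ss/ps on this machine and return findings; empty list if the tools are missing."""
    try:
        ss = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=False).stdout
        ps = subprocess.run(["ps", "-eo", "pid,comm,args"], capture_output=True, text=True,
                            check=False).stdout
    except FileNotFoundError:
        return []
    return find_rakos_indicators(ss, ps)


if __name__ == "__main__":
    for finding in find_rakos_indicators(SAMPLE_SS, SAMPLE_PS) or ["sample: no indicators"]:
        print(finding)
    for finding in check_live_host() or ["live host: no indicators"]:
        print(finding)
```

A hit on the port alone is not proof: confirm the PID behind the socket matches the suspect process before killing it, as the article advises.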

Read more on ESET's publication.


Written by giorgos
