Doctor Web warns about new Trojan for Linux
September 14, 2016
The Trojan Linux.DDoS.93 was created to attack computers running under the Linux operating system. Presumably, it is spread via a set of ShellShock vulnerabilities in GNU Bash.
Once launched, Linux.DDoS.93 tries to alter the contents of system directories to ensure that it gets run automatically. After that, the Trojan checks whether other copies of Linux.DDoS.93 are present on the infected computer and shuts down any it finds.
When launched successfully, the Trojan creates two child processes. The first one exchanges data with a command and control server. The second one checks in an infinite loop whether the parent process is running and relaunches it if it is not. The parent process, in turn, does the same for the child process, so the Trojan operates continuously on the infected machine.
Linux.DDoS.93 can execute the following commands:
- Update the malicious program
- Download and run the file specified in the command
- Remove itself
- Launch a UDP flood attack on a specified port
- Launch a UDP flood attack on a random port
- Launch a spoofed UDP flood attack
- Launch a TCP flood attack
- Launch a TCP flood attack (random data up to 4096 B long is added to the packets)
- Launch an HTTP flood attack using GET requests
- Launch an HTTP flood attack using POST requests
- Launch an HTTP flood attack using HEAD requests
- Send HTTP requests with the parameters specified to 255 random IP addresses
- Terminate execution
- Send a PING command
When the Trojan receives the command to launch a DDoS attack or send random requests, it first shuts down all the child processes and then launches 25 new ones, which carry out the attacks ordered by the cybercriminals. The signature of Linux.DDoS.93 has been added to the Dr.Web virus databases. Thus, users of Dr.Web for Linux are reliably protected.
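The process pattern described above, a parent that replaces its children with 25 new ones when an attack command arrives, can be hunted for in a process listing. The following is an added example, not Doctor Web's code: a heuristic over `ps -eo pid,ppid,comm` output that assumes the workers keep the parent's command name. The sample listing and the name `sample-bin` are constructed.

```python
from collections import defaultdict


def build_sample():
    """Constructed `ps -eo pid,ppid,comm` listing (not from a real host)."""
    rows = [(1, 0, "systemd"), (700, 1, "sshd"), (710, 700, "sshd"),
            (900, 1, "nginx"), (901, 900, "nginx"), (902, 900, "nginx"),
            (4000, 1, "sample-bin")]  # hypothetical name for the parent
    rows += [(4000 + i, 4000, "sample-bin") for i in range(1, 26)]  # 25 workers
    lines = ["  PID  PPID COMMAND"]
    lines += [f"{pid:5d} {ppid:5d} {comm}" for pid, ppid, comm in rows]
    return "\n".join(lines)


def parse_ps(text):
    """Parse `ps -eo pid,ppid,comm` output into (pid, ppid, comm) tuples."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        # Skip the header and any malformed line.
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            procs.append((int(parts[0]), int(parts[1]), parts[2].strip()))
    return procs


def find_self_forking(procs, threshold=25, allow=()):
    """Return {parent_pid: (comm, n)} for parents with n >= threshold
    children that carry the parent's own command name.

    Assumption: forked workers keep the parent's command name.
    `allow` lists command names known to pre-fork legitimately.
    """
    comm_of = {pid: comm for pid, _, comm in procs}
    same_name_children = defaultdict(int)
    for _, ppid, comm in procs:
        if comm_of.get(ppid) == comm:
            same_name_children[ppid] += 1
    return {pid: (comm_of[pid], n)
            for pid, n in same_name_children.items()
            if n >= threshold and comm_of[pid] not in allow}


if __name__ == "__main__":
    for pid, (comm, n) in find_self_forking(parse_ps(build_sample())).items():
        print(f"review pid {pid} ({comm}): {n} same-named children")
```

Pre-forking servers with large worker pools match the same heuristic, so pass their command names in `allow` and treat a hit as a lead for review rather than a verdict.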