
Doctor Web specialists find new Linux backdoor

November 20, 2017

Doctor Web specialists have detected a new Linux backdoor, which is indirect evidence that cybercriminals have maintained their interest in Linux operating systems.

The Trojan, dubbed Linux.BackDoor.Hook.1, was detected by our security researchers in the libz library, which several programs use for compression and extraction. It operates only with binary files that provide data transfer via the SSH protocol. Cybercriminals use a highly unusual method to connect to the backdoor: unlike other similar programs, Linux.BackDoor.Hook.1 doesn’t use a currently open socket. Instead, it uses the first open socket out of 1,024 and shuts down the remaining 1,023.

The backdoor Linux.BackDoor.Hook.1 can download files indicated in a command it receives from cybercriminals, launch applications, or connect to a specific remote host. This Trojan poses no threat to our users. Its signature is already in Dr.Web Anti-virus for Linux’s database.
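
Because the report places the backdoor in libz as loaded by SSH binaries, a natural triage step on a host is to check which libz each SSH process has actually mapped. The sketch below is an added example, not Doctor Web's code or detection logic; the trusted directory list, the function names and the sample `/proc/<pid>/maps` lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: directories where the distribution installs shared libraries.
TRUSTED_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")
LIBZ_NAME = re.compile(r"^libz\.so(\.\d+)*$")
DELETED = " (deleted)"

# Constructed /proc/<pid>/maps excerpts for an sshd process (not real captures).
SAMPLE_CLEAN = """\
55d0c8a00000-55d0c8a0c000 r--p 00000000 08:01 131100 /usr/sbin/sshd
7f3a1c000000-7f3a1c003000 r--p 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
7f3a1c003000-7f3a1c014000 r-xp 00003000 08:01 262200 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
"""
SAMPLE_SUSPECT = """\
55d0c8a00000-55d0c8a0c000 r--p 00000000 08:01 131100 /usr/sbin/sshd
7f3a1c000000-7f3a1c003000 r--p 00000000 08:01 400001 /tmp/.cache/libz.so.1
7f3a1d000000-7f3a1d003000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11 (deleted)
"""

def libz_mappings(maps_text):
    """Return distinct (path, deleted) pairs for libz files mapped by a process."""
    found = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6:           # anonymous mapping, no backing file
            continue
        path = fields[5].strip()
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[:-len(DELETED)]
        entry = (path, deleted)
        if LIBZ_NAME.match(PurePosixPath(path).name) and entry not in found:
            found.append(entry)
    return found

def triage(maps_text):
    """Flag libz mappings that deserve a closer look; a flag is a lead, not proof."""
    findings = []
    for path, deleted in libz_mappings(maps_text):
        parent = str(PurePosixPath(path).parent)
        trusted = any(parent == d or parent.startswith(d + "/") for d in TRUSTED_LIB_DIRS)
        if deleted:  # also seen after an ordinary package upgrade without restart
            findings.append((path, "mapped file was deleted or replaced on disk"))
        elif not trusted:
            findings.append((path, "loaded from outside the system library directories"))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_SUSPECT))
```

A library replaced in place under a trusted path passes this check, so pair it with the package manager's file verification (`rpm -V` or `dpkg --verify`) for the package that owns libz.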


The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992

Dr.Web © Doctor Web
2003 — 2021
