
Doctor Web specialists find new Linux backdoor

November 20, 2017

Doctor Web specialists have detected a new Linux backdoor, which is indirect evidence that cybercriminals have maintained their interest in Linux operating systems.

The Trojan, dubbed Linux.BackDoor.Hook.1, was detected by our security researchers in the libz library, which several programs use for compression and extraction. It operates only with binary files that provide data transfer over the SSH protocol. Cybercriminals use a highly unusual method to connect to the backdoor: unlike other similar programs, Linux.BackDoor.Hook.1 doesn’t use a currently open socket. Instead, it uses the first open socket out of 1,024 and shuts down the remaining 1,023.

The backdoor Linux.BackDoor.Hook.1 can download files indicated in a command it receives from cybercriminals, launch applications, or connect to a specific remote host. This Trojan poses no threat to our users. Its signature is already in Dr.Web Anti-virus for Linux’s database.
