November 20, 2017
The Trojan, dubbed Linux.BackDoor.Hook.1, was detected by our security researchers in the library libz, which is used by several programs for compression and extraction. It operates only with binary files that ensure data transfers via the SSH protocol. Cybercriminals use a highly unusual method to connect to the backdoor: unlike other similar programs, Linux.BackDoor.Hook.1 doesn’t use a currently open socket. Instead it uses the first open socket out of 1,024 and shuts down the remaining 1,023.
The backdoor Linux.BackDoor.Hook.1 can download files indicated in a command it receives from cybercriminals, launch applications, or connect to a specific remote host. This Trojan poses no threat to our users. Its signature is already in Dr.Web Anti-virus for Linux’s database.#Linux #backdoor #Trojan
Tell us what you think
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.