Doctor Web specialists find new Linux backdoor
November 20, 2017
Our security researchers detected the Trojan, dubbed Linux.BackDoor.Hook.1, in the libz library, which several programs use for compression and extraction. It operates only with binary files that handle data transfer via the SSH protocol. Cybercriminals connect to the backdoor in a highly unusual way: unlike other similar programs, Linux.BackDoor.Hook.1 doesn’t use a currently open socket. Instead, it uses the first open socket out of 1,024 and shuts down the remaining 1,023.
The backdoor Linux.BackDoor.Hook.1 can download files indicated in a command it receives from cybercriminals, launch applications, or connect to a specific remote host. This Trojan poses no threat to our users. Its signature is already in Dr.Web Anti-virus for Linux’s database.
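Because the Trojan sits in libz and acts only inside SSH binaries, a defender can check which copy of libz the SSH processes on a host actually have mapped. The following is an added example, not Doctor Web's code or detection logic; the trusted directory list, the process names and the sample `/proc/<pid>/maps` lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumptions (not from the article): where a packaged libz lives, and SSH process names.
TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")
SSH_NAMES = {"sshd", "ssh", "sftp-server", "scp"}
LIBZ_RE = re.compile(r"^libz\.so(\.\d+)*$")  # libz.so.1.2.11 yes, libzstd.so.1 no

def libz_mappings(maps_text):
    """Return sorted unique (path, deleted) pairs for libz in /proc/<pid>/maps text."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no backing file
        path = fields[5].strip()
        deleted = path.endswith(" (deleted)")
        path = path[: -len(" (deleted)")] if deleted else path
        if LIBZ_RE.match(path.rsplit("/", 1)[-1]):
            found.add((path, deleted))
    return sorted(found)

def assess(maps_text):
    """Return (path, reason) findings that deserve a closer look."""
    findings = []
    for path, deleted in libz_mappings(maps_text):
        if deleted:  # also seen after a package upgrade without a service restart
            findings.append((path, "file on disk replaced or removed since load"))
        if not any(path.startswith(d + "/") for d in TRUSTED_DIRS):
            findings.append((path, "loaded from a non-standard directory"))
    return findings

def scan_live():
    """Assess every running SSH-related process (root needed for other users' processes)."""
    results = {}
    for proc in Path("/proc").glob("[0-9]*"):
        try:
            if (proc / "comm").read_text().strip() in SSH_NAMES:
                results[int(proc.name)] = assess((proc / "maps").read_text())
        except OSError:
            continue  # process exited or access denied
    return results

# Constructed sample input, not captured from an infected host.
SAMPLE_MAPS = """\
7f3a10000000-7f3a10003000 r--p 00000000 08:01 131201   /usr/lib/x86_64-linux-gnu/libzstd.so.1.4.8
7f3a10200000-7f3a10203000 r-xp 00000000 08:01 131377   /usr/lib/x86_64-linux-gnu/libz.so.1.2.11 (deleted)
7f3a10400000-7f3a10403000 r-xp 00000000 08:01 524301   /var/tmp/libz.so.1
"""
```

A library modified in place inside a standard directory passes this check, so also compare the file against the package manager's recorded checksums (for example `rpm -V` or `dpkg --verify`).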