FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP PL KZ UA BY
Close
News

News by topic

Virus alerts
The Anti-virus Times
News boxes
Press center

Back to news

Doctor Web specialists find new Linux backdoor

November 20, 2017

Doctor Web specialists have detected a new Linux backdoor, which is indirect evidence that cybercriminals have maintained their interest in Linux operating systems.

The Trojan, dubbed Linux.BackDoor.Hook.1, was detected by our security researchers in the library libz, which is used by several programs for compression and extraction. It operates only with binary files that ensure data transfers via the SSH protocol. Cybercriminals use a highly unusual method to connect to the backdoor: unlike other similar programs, Linux.BackDoor.Hook.1 doesn’t use a currently open socket. Instead it uses the first open socket out of 1,024 and shuts down the remaining 1,023.

The backdoor Linux.BackDoor.Hook.1 can download files indicated in a command it receives from cybercriminals, launch applications, or connect to a specific remote host. This Trojan poses no threat to our users. Its signature is already in Dr.Web Anti-virus for Linux’s database.

More about the Trojan

#Linux #backdoor #Trojan

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

Dr.Web © Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies

Doctor Web in social networks

[Facebook] [Twitter] [Instagram] [YouTube]

Link accounts

For Telegram

Privacy Policy