A new Linux malware strain could morph into a serious threat
A new strain of malware targeting Linux systems, now being called “Linux/Shishiga”, could pose a dangerous security threat. Eset disclosed the threat, which belongs to a new Lua family that has previously been overlooked on LuaBot malware.
Linux/Shishiga uses four different protocols, namely SSH, Telnet, HTTP and BitTorrent, and Lua scripts for modularity, say Detection Engineer Michal Malik and the Eset research team.
For those who don't know what Lua is: Lua is a lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, and data description.
Linux/Shishiga uses modules written in Lua to make the malware more flexible. It mounts a brute-force attack on weak credentials, using a password list and trying a variety of different passwords to gain access.
Shishiga is a binary packed with the Ultimate Packer for Executables (UPX), with Shishiga adding data at the end of the packed file. After unpacking, it is linked to the Lua runtime library. It combines the use of the Lua scripting language with linking to the Lua interpreter library.
"This means the authors either chose Lua as a scripting language for its ease of use," Malik said, "or inherited the code from another malware family, then decided to tailor it for each of the targeted architecture by linking statically the Lua library."
Despite the looming threat, the number of affected users was low, which clearly indicates that the work is still in progress. Eset warned users that the count could increase rapidly and told them to stay vigilant at all times. Since the malware relies on brute-force attacks against weak passwords, changing passwords frequently could improve security against Shishiga.
To further barricade against this threat, especially in a data center, users are warned not to use default Telnet and SSH credentials. According to Ansari, PCI/payments director at Schellman and company, "Defending against this category of threat requires the kind of defense in depth that security people have been talking about for a long time: aggressive patching, carefully reviewing log data, looking for suspicious files or processes, and rigorously tested incident response."
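The log review recommended above can be automated for the SSH password guessing the article describes. The Python below is an added example, not code from Eset or from this article; it assumes OpenSSH's standard `Failed password` / `Accepted password` syslog messages, and the threshold, time window, year, host name and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd syslog messages for password authentication results.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1), year=2017):
    """Return {src: {"failures": n, "logins_after_burst": [users]}} for every
    source that reaches `threshold` failed logins inside `window`.
    Syslog timestamps carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)   # src -> failure timestamps still in window
    totals = defaultdict(int)     # src -> all failures seen
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if m["result"] == "Failed":
            totals[src] += 1
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(src, {"failures": 0, "logins_after_burst": []})
        elif src in flagged:
            # A success after a guessing burst suggests a weak password was hit.
            flagged[src]["logins_after_burst"].append(m["user"])
    for src, info in flagged.items():
        info["failures"] = totals[src]
    return flagged

# Constructed sample log (documentation IP ranges, hypothetical host "web1").
SAMPLE = [
    f"Apr 25 10:00:{i:02d} web1 sshd[2100]: Failed password for root "
    "from 203.0.113.7 port 40000 ssh2" for i in range(6)
] + [
    "Apr 25 10:00:07 web1 sshd[2100]: Accepted password for root from 203.0.113.7 port 40000 ssh2",
    "Apr 25 10:05:00 web1 sshd[2101]: Failed password for invalid user bob from 198.51.100.9 port 51000 ssh2",
    "Apr 25 10:06:00 web1 sshd[2102]: Accepted password for alice from 198.51.100.9 port 51001 ssh2",
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

Any account listed under `logins_after_burst` should be treated as exposed: reset its password and review what the session did.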