IoT Trojan for Linux

Employees of the antivirus software company Dr. Web have found a trojan that can attack almost all devices running Linux and use them to send spam e-mails. There are two builds of the trojan, which can attack devices with x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 68000 and SPARC, which means that Linux.ProxyM can attack almost all Linux devices, routers, set-top boxes and other hardware devices.
Linux Trojan. Once launched, it attempts to detect honeypots using special symbols of a terminal:

Code:
/bin/busybox wget; /bin/busybox 81c46036wget; /bin/busybox echo -ne '\x0181c46036\x7f'; /bin/busybox printf '\00281c46036\177'; /bin/echo -ne '\x0381c46036\x7f'; /usr/bin/printf '\00481c46036\177'; /bin/busybox tftp; /bin/busybox 81c46036tftp;
Connects to the command and control server, the address of which is stored in the executable file. Receives 4 bytes and sends the data package:

Code:
struct StartPacket {
    short field_0; // checksum of the whole package
    short field_2; // version (0x11)
    int field_4;   // checksum field_2
    int field_8;   // received bytes
    int field_C;   // checksum field_8
};
According to Dr. Web statistics, each infected device sends about 400 spam messages in 24 hours.

More information can be read here:
https://news.drweb.com/show/?i=11467&c=9&lng=en&p=0

Linux.ProxyM.1:
https://vms.drweb.com/virus/?_is=1&i=15389229

Regards, b4sh
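
A defender-side check for the probe sequence quoted in the post, as an added example that is not part of the original post or of Dr. Web's write-up: it flags a logged shell session when the same token appears both glued to a BusyBox applet name and wrapped in control bytes in an echo/printf. It assumes the token is always 8 lowercase hex digits as in the sample (81c46036); the function name, log layout and sample sessions are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the marker is 8 lowercase hex digits, as in the sample on the
# page (81c46036). Other builds may use a different length or alphabet.
TOKEN = r"[0-9a-f]{8}"

# "/bin/busybox <token>wget" or "<token>tftp": token glued to an applet name.
APPLET_RE = re.compile(rf"/bin/busybox\s+({TOKEN})(?:wget|tftp)\b")

# "echo -ne '\x01<token>\x7f'" or "printf '\002<token>\177'": token between an
# escaped control byte and an escaped DEL, in hex or octal notation.
WRAPPED_RE = re.compile(
    rf"(?:echo\s+-ne|printf)\s+'\\(?:x0[0-9a-f]|00[0-7])({TOKEN})\\(?:x7f|177)'"
)


def flag_sessions(log_lines):
    """Return {session_id: tokens} for sessions showing both probe forms.

    log_lines is an iterable of (session_id, command_line) pairs, a
    hypothetical layout standing in for whatever the sensor records.
    Tokens are collected per session because the commands may arrive
    on separate lines.
    """
    applet = defaultdict(set)
    wrapped = defaultdict(set)
    for session_id, command in log_lines:
        applet[session_id].update(APPLET_RE.findall(command))
        wrapped[session_id].update(WRAPPED_RE.findall(command))
    hits = {}
    for session_id, tokens in applet.items():
        both = tokens & wrapped[session_id]
        if both:  # requiring both forms avoids flagging a lone odd command
            hits[session_id] = both
    return hits


# Constructed sample sessions (s1 reuses the command forms quoted in the post).
SAMPLE_LOG = [
    ("s1", r"/bin/busybox wget; /bin/busybox 81c46036wget; /bin/busybox echo -ne '\x0181c46036\x7f'"),
    ("s1", r"/usr/bin/printf '\00481c46036\177'; /bin/busybox tftp; /bin/busybox 81c46036tftp;"),
    ("s2", r"/bin/busybox wget http://example.invalid/f; echo -ne 'done\n'"),
    ("s3", r"/bin/busybox deadbeefwget"),
    ("s3", r"ls -la /tmp"),
]

if __name__ == "__main__":
    for session, tokens in flag_sessions(SAMPLE_LOG).items():
        print(session, sorted(tokens))
```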