Malware

Researchers analyze faulty new Linux backdoor

Researchers at Dr. Web have discovered a faulty trojan designed as a backdoor for Linux that could also target Windows systems.

Identified as Linux.BackDoor.Dklkt.1, the trojan – possibly of Chinese origin – is designed to perform functions typical of file managers, SOCKS proxy servers, and remote shells; however, it ignores several of its commands due to poor design, a post indicated.

Some of the commands the trojan awaits include change remark, open shell, run an application, start proxy, exit, reboot and turn off a computer. Some of the commands that are ignored include update itself, receive user data and remove itself.

According to the post, the trojan can launch distributed denial-of-service (DDoS) attacks such as SYN Flood, HTTP Flood (POST/GET request), ICMP Flood, TCP Flood, and UDP Flood. The Drv Flood has not been implemented.

Related

Antivirus updates exploited for GuptiMiner malware deployment

Intrusions hijacking the eScan antivirus software's updating mechanism have been conducted by threat actors suspected to be linked to North Korean advanced persistent threat operation Kimsuky to facilitate the delivery of the sophisticated GuptiMiner malware that would then distribute cryptocurrency mining payloads, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.